Volcker Rule: Independent Testing 2015
Daniel H. Connor
Aurelien Borde
Abul Hasnat
Head of US Operations
Senior Manager
Manager
Tel: (862) 596-0649 Mail: daniel.connor@sia-partners.com
Tel: (917) 935-8855 Mail: aurelien.borde@sia-partners.com
Tel: (917) 859-3864 Mail: abul.hasnat@sia-partners.com
1
Overview of the Volcker Rule & Independent Testing
section
CONFIDENTIAL Š Sia Partners
2
Overview of the Volcker Rule The Volcker Rule compliance date was July 21, 2015. The four primary components include: Proprietary Trading
• Prohibits banking entities from engaging in Proprietary Trading. • Activities such as market-making, risk-mitigating hedging and underwriting activities are exempted from the prohibition.
Covered Funds
• Prohibits acquiring or retaining an ownership interest in or sponsorship of a “Covered Fund” (certain private equity funds, hedge funds and vehicles, depending on the way they are structured) by a banking entity as a principal.
Compliance Program
• Requires banking entities to establish Compliance Programs based on size, complexity, and type of activity. Banks with $50 billion or more in total consolidated assets have to establish an Enhanced Program with the following elements: • Policies and Procedures – Document and monitor permitted Proprietary Trading and Covered Funds activities; • Internal Controls – Monitor compliance with the Rule and prevent activities that are prohibited; • Management Framework – Establish clear responsibility and accountability for compliance with the Rule; • Training – Ensure that traders, managers, and other stakeholders understand and comply with the program; • Independent Testing – Audit the effectiveness of the Compliance Program; • Record Retention – Keep sufficient records, minimum 5 years, to demonstrate compliance with the Rule. • Under the enhanced requirements, the CEO of a banking entity must annually attest in writing to the relevant Agency that the banking entity has in place a Compliance Program reasonably designed to achieve compliance with Volcker.
Metrics Reporting
• Banking entities with $10 billion or more in aggregate U.S. trading assets and liabilities have to report on seven quantitative Metrics designed to monitor permitted trading activities relying on the market-making, the underwriting and the risk-mitigating hedging exemptions. Metrics must be calculated daily and aggregated monthly for regulatory reporting. • Reporting timeline is not July 21st, 2015 but depends on the size of aggregate U.S. trading assets and liabilities of the banking entity and its affiliates.
CONFIDENTIAL © Sia Partners
3
Overview of the Volcker Rule – Compliance Program Requirements The “elements” of the compliance program as defined in the Final Rule. 1. Policies and Procedures
2. Internal Controls
3. Management Framework
Documents, describes, monitors and limits prohibited trading activities and investments by banking entity to ensure that all of the activities under section 13 of BHC are complied with.
Monitors compliance with the rule and to prevent the occurrence of activities or fund investments that are prohibited.
Establishes clear responsibility and accountability for compliance with the rule including management reviews of trading limits, strategies, hedging activities and other similar matters.
4. Independent Testing
5. Training
6. Record Retention
Audits the effectiveness of the compliance program by qualified personnel of the banking entity or outside party.
Ensures that trading personnel, managers, and other appropriate personnel understand the compliance program and effectively comply with it.
Ensures that sufficient records are kept, minimum of 5 years, to demonstrate compliance with the rule and the banking entity must promptly provide it to the regulator upon request.
7. Enhanced Reporting Requirements 8. Covered Funds Documentation
For entities with sufficient scale, a panel of 7 quantitative metrics must be calculated for each trading day and reported to the relevant regulatory agency on timelines varying from quarterly by Quarter end +30 days to monthly by Month end +10 days. The enhanced metrics requirement has a backstop provision that requires continual review and enhancement of quantitative metrics used to monitor for compliance with the Volcker Rule. For banking entities with sufficient scale, detailed documentation is required to describe the scope and nature of the firm’s covered fund activities. The requirements include detailed mapping of each covered fund and pool the banking entity sponsors or invests in to organizational units holding them as well as mapping of organizational units to governance and oversight.
These elements are required as part of a “minimum compliance standards program” but there is little guidance defining when this minimum threshold has been met. Covered banking entities will need to calibrate the minimum standard threshold against the more detailed “enhanced compliance standards requirements” from Appendix B of the Final Rule which are outlined on the following pages. CONFIDENTIAL © Sia Partners
4
Overview of the Volcker Rule – Compliance Program Requirements: Independent Testing
“A banking entity must ensure that independent testing
4. Independent Testing Audits the effectiveness of the compliance program by qualified personnel of the banking entity or outside party.
regarding the effectiveness of the banking entity’s compliance program is conducted by a qualified independent party, such as the banking entity’s internal audit department, compliance personnel or risk managers independent of the trading desk or other organizational unit being tested, outside auditors, consultants, or other qualified independent parties.”
The independent testing must examine both the banking entity’s compliance program and its actual compliance with the Rule;
The testing must include not only testing of the overall adequacy of the compliance program and efforts, but also the effectiveness of the compliance program and the entity’s compliance with each provision of the Rule;
This requirement is intended to ensure that a banking entity continually reviews and assesses the strength of its compliance efforts.
CONFIDENTIAL © Sia Partners
5
2
Volcker Compliance Program & Independent Testing
section
CONFIDENTIAL Š Sia Partners
6
Volcker Compliance Program & Independent Testing Proprietary Trading Banks subject to the enhanced compliance program have implemented a Compliance Program that includes several levels of controls and monitoring tasks, as described in the diagram below. The annual Independent Testing is part of the Compliance Program, can be conducted by an internal group (e.g., Compliance or Audit) or an independent third party and must test the appropriateness and the effectiveness of the Compliance Program. Banks are generally targeting the first Independent Testing to be run by the end of the year to support the first CEO attestation. July 21st, 2015
Sep. 30th, 2015
Dec. 31st, 2015
March 31st, 2016
1st level of Control
2nd level of Control
Annual Testing
CEO & Senior Management Compliance / Audit
Compliance
June 30th, 2016
Annual Certification Annual Independent Testing Quarterly Compliance Monitoring Monthly monitoring of Volcker requirements (reasonably expected near-term client demand...)
Risk
Monitoring of the metrics and limits
Finance
Control of the P&L metric
Business & Supporting Groups (M/O‌)
Monitoring of the metrics and limits
CONFIDENTIAL Š Sia Partners
Volcker impact analysis for each new activity
Annual subcertification 7
Volcker Compliance Program & Independent Testing Covered Funds Banks have implemented internal controls to monitor compliance with the Covered Funds restrictions. These controls include:
New Investments • A banking entity must ensure that new investments, products, and strategies have gone through a Volcker analysis to confirm Compliance with the Volcker Rule
Super 23A Restrictions
Monitoring of Thresholds
Monitoring of Permitted Activities
• Under Super 23A, no banking entity and no affiliate of any such banking entity may enter into a “covered transaction” with a related covered fund or any covered fund controlled by any such fund
• A banking entity’s investment in a covered fund cannot exceed 3% of the value of, or the number of ownership interests in, the covered fund
• A banking entity must monitor certain permitted activities including hedging activity, insurance companies, and foreign funds
• The aggregate value of all ownership interests in permitted covered funds cannot exceed 3% of the banking entity’s Tier 1 Capital
• New activities must be properly vetted to ensure they are permitted activities under the Rule
• These restrictions are absolute, unlike 23A which allows transactions with limits
The annual Independent Testing can be conducted by an internal group (e.g., Compliance or Audit) or an independent third party and must test the appropriateness and the effectiveness of these controls. CONFIDENTIAL © Sia Partners
8
3
Volcker Independent Testing
section
CONFIDENTIAL Š Sia Partners
9
Volcker Independent Testing: Sia Partners’ Testing Methodology
Phase
The first CEO Attestation is due on March 31, 2016, and completed annually thereafter. We recommend banking entities conduct their first independent testing by year-end 2015 in order for the Attestation process to rely upon these testing results. Sia Partners US has developed a Standard Testing Approach designed to implement and perform testing that provides meaningful results: III – Final Assessment and Remediation
Review the general testing strategy created by the banking entity to fulfill requirements of the Enhanced Compliance Program; Obtain and review appropriate documents (incl. policies & procedures, governance, other); Define the testing plan including the testing steps to be performed; Develop testing scripts; Identify the Key Points of Contact (KPOC).
Conduct independent testing of the effectiveness of the compliance program; Document the process for periodic testing; Examine both the banking entity’s compliance program and its actual compliance with the Rule; Conduct follow ups to clarify points, where necessary, to affirm or supplement information obtained.
Review adequacy of the compliance program and compliance efforts; Review the banking entity’s compliance with each provision of the Rule; Conduct an analysis of any internal breaches; Define plan to promptly remedy any inherent weakness in the compliance program and terminate any violation.
Obtain an understanding of the Enhanced Compliance Program of the banking entity; Determine the scope of the testing and identify key stakeholders; Develop the testing scripts.
Document the testing process; Identify the controls in place and gauge the level of compliance with procedures; Ensure independency of the testing.
Map out the compliance to each applicable rule and the related components; Identify gaps in compliance; Suggest remediation plans, where necessary to correct compliance.
Documentation of actual processes and controls in place Results of testing each area of the Enhanced Compliance Program
Formal report with gap assessment and recommended remediation steps
Work output
Approach
II – Perform Testing
Objective
I – Identify Testing Strategy
Project Plan Testing scope Testing plan Testing scripts
CONFIDENTIAL © Sia Partners
10
Volcker Independent Testing Requirement
Record Retention
Key Elements to be Tested
Policies and Procedures Internal Controls
Metrics
Training
Record Retention
Managemen t Framework
Policies and Procedures
Internal Controls
Metrics
Training
• Verify that trading P&P include the essentials i.e., identify authorized products that can be purchased or sold, mission of the trading desk, identification of trading desks, identify risk and size limits, etc. • Ensure that hedging P&P include descriptions of positions, techniques and strategies that will be used, how the banking entity identifies risks, what level will hedging activity take place, monitor and review procedures, how the hedges are developed, documented, tested for effectiveness, approved and reviewed.
• Confirm that risk management P&P include descriptions of governance, reporting, escalation, review and other processes to ensure compliance, how internal valuation models and risk limits are developed, documented, tested and approved.
•
Ensure all trading controls include measures / steps to control that activity is in line with policies and procedures.
•
Confirm that controls relating to hedging activity are designed to track the adherence to internal policies and procedures and include how related analysis will be conducted and frequency.
•
Ensure controls related to covered funds: • Monitor individual and aggregate investments in covered funds, • Calculate individual and aggregate ownership interests, • Include requirements relating to sponsoring, underwriting and market making activity, • Include pro-active measures to ensure that a covered fund can be purchased by the banking entity.
•
Ensure that risk management controls include model validation, establishing risk limits and ensuring adherence to these limits.
Management Framework
CONFIDENTIAL © Sia Partners
11
Volcker Independent Testing Requirement
Record Retention
Policies and Procedures
Internal Controls
Metrics
Training
Record Retention
Management Framework
Policies and Procedures
Internal Controls
Metrics
Training
Managemen t Framework
CONFIDENTIAL © Sia Partners
Key Elements to be Tested
•
Verification of personnel responsible for effective implementation and enforcement of compliance program (including personnel qualifications and responsibilities);
•
Confirm reporting line and chain of responsibility;
•
Identification of escalations;
•
Verify main stakeholders responsible for policies and procedures;
•
Analyze Management committees and minutes; Senior Management committees and minutes that must include any potential violation (e.g., limit breach, etc.) and related analysis.
• Ensure that all employees of the desk have been trained: •
Obtain list of employees that have been trained and training materials from Corporate Compliance;
•
Obtain list of traders operating on the desk from Heads of Desk and ensure all employees of the desk appear on the list of trained employees;
•
Request traders of the desk provide Volcker training materials to ensure that they have access to the Volcker training materials.
12
Volcker Independent Testing Requirement
Record Retention
Internal Controls
Record Retention
Manageme nt Framework
Policies and Procedures
Internal Controls
Metrics
Training
•
Ensure that on a daily basis, a report has been generated by the applicable group that includes the 7 metrics: Obtain evidence that IT batch treatments have run every day (or a specific day);
•
Ensure that on a daily basis, applicable group has performed a review of the P&L in the report: Obtain e-mails evidencing the control (e.g., on a specific day);
•
Ensure that, on a daily basis, the applicable group has stored the metrics report: Obtain the list of reports of the month for a certain month; etc.;
•
Ensure that report and data errors in the metrics report have been raised to applicable groups for investigation and remediation: Inquire with Risk Group if there were report/data errors during the year and obtain documentation of the related analysis, etc.
•
Ensure that all Volcker materials are stored and are accessible:
Policies and Procedures
Metrics
Training
Key Elements to be Tested
Managemen t Framework
CONFIDENTIAL © Sia Partners
•
Obtain a list of all Volcker related documents that are required to be maintained by a specified group and ensure the documents are stored and accessible;
•
Request the applicable group provides metrics reports for a certain period of time (from months/years ago);
•
Request Risk and Compliance groups to provide investigation and escalation documentation of threshold breach or limit violation for a certain period of time;
•
Request Compliance and/or HR to provide most current training materials.
13
Volcker Independent Testing Focus on Covered Funds “A banking entity may not, as principal, directly or indirectly, acquire or retain any ownership interest in or sponsor a covered fund.” Although exemptions and exclusions exist, a banking entity must ensure its compliance with the requirements of the Rule through testing the following areas: New Investments • •
• •
Ensure there is proper documentation for new investments Confirm that controls are in place to ensure new investment goes through a Volcker Rule applicability review Confirm that controls are in place to identify changes to a fund’s prospectus or other documentation Confirm any newly acquired entities’ activities have been authorized under the Volcker Rule
Super 23A Restrictions •
• •
Confirm that controls are in place to ensure the banking entity does not enter into certain transactions with funds that its sponsors, organizes, or offers If applicable, verify entity does not extend credit to the fund or purchase assets from the funds Ensure a control is in place so a banking entity will not breach requirements when offering a new fund
Thresholds
Permitted Activities
•
•
•
Confirm that controls are in place to ensure ownership of the fund does not exceed 3% of the value of the fund Confirm that controls are in place to ensure Covered Fund ownership does not exceed 3% of the Bank’s Tier 1 Capital
• •
CONFIDENTIAL © Sia Partners
Ensure fund owned/sponsored is excluded from the definition of a Covered Fund (ex: foreign public funds, joint ventures, etc.) Confirm requirements are fulfilled when offering a Covered Fund, including fiduciary services and ownership limits Verify each covered fund under an exclusion/exemption has completed a Volcker impact analysis
14
4
Sia Partners Presentation
section
CONFIDENTIAL Š Sia Partners
15
Sia Partners, a management consulting firm with a global reach
> A team with an unparalleled expertise able to deliver superior value and tangible results for our clients
15%
70%
15%
Strategy
Business Transformation
IT & Digital Strategy
120
1999
22%
$m revenue
Date created
Of annual growth in the last 3 years
17
600+
25+
Offices worldwide
Consultants
Nationalities
>
A culture of excellence and high standards for our clients and our team Key clients include
150+
20%
6,000
clients
of Fortune 500 companies
assignments since our creation
10 coverage sectors - 10 service areas
#17
20,000
81%
Our teams are fully integrated with a global reach
in Vault Top 25 Consulting Europe list
followers on LinkedIn
of Sia Consultants give us the highest rating as a Great Place to Work
CONFIDENTIAL Š Sia Partners
16
Financial Services capabilities Strong track record across all areas of the Financial Services sector
Key Figures
Our key clients include
40% of the G-SIB list (“global systemically important banks”)
Our main areas of focus
Investment Banking & Commercial Banking
Asset Management
Core Banking & Payments
Insurance Services
Finance, Accounting & Risk Management
1,500 Financial Services assignments since our creation
Compliance & Regulatory Advisory
Sia Partners works closely with leading Financial Institutions on key projects:
200+ Financial Services Consultants in 15 offices worldwide
50+ Financial Services Consultants in North America
CONFIDENTIAL © Sia Partners
17
Financial Services capabilities Extensive expertise across coverage sectors and service areas
Key Figures
10 Financial Services surveys and reviews produced annually
Business transformation expertise:
Regulatory Compliance and Financial Performance •
Basel II & III; Dodd Frank including the Volcker Rule;
Performance Optimization •
(e.g., reconciliations); Lean Six-Sigma; Agile
CCAR; IHC; Enhanced Prudential Standards
100,000 visitors on our blog per year http://en.finance.siapartners.com/
•
Compliance: Anti-Money Laundering, KYC, OFAC, FATCA
•
Front-to-Back Optimization; Operating Model Redesign
•
Regulatory Reviews & Impact Assessments; Policies &
•
Lending Capability (System Expertise: Loan IQ, ACBS…)
Procedures Development; Data Quality Frameworks
•
Payment Capability (Payment Hub Transformation,
•
100
CONFIDENTIAL © Sia Partners
Payment System Consolidation & Transformation…)
Operational Risk Management & Control; Internal Audit Asset & Liability Management
•
Core Banking Modernization
•
Financial Control; Accounting and P&L
•
IT Risk Assessment; Cyber Security
•
Digital Banking; Multi-Access Oriented Products
•
Subsidiary Management & Organization Support
•
Alternative Payments (Mobile, Digital Currencies)
•
Operational Due Diligence; Acquisition Assessment and
•
Global Transaction Banking: Benchmark; Target
Business Models & Offerings Definition
press articles published every year
Operational Efficiency; Process Analysis & Optimization
•
Banking & Insurance Convergence
Design and Launch of New Offers
Merger Integration; Target Operating Model Definition •
Location Strategy; Outsourcing Strategy Definition; BPO Healthchecks
Domestic and International Growth
18
Asia
Belgium
Canada
France
Italy
Singapore 55 Market St, Level 10 Singapore, 048941 T. +65 6521 3186 Hong Kong 701, 77 Wing Lok St, Sheung Wan, HK T. +852 3975 5611 Japan Level 20 Marunouchi, Trust TowerMain 1-8-3 MarunouchiChiyoda-ku 100-0005, Tokyo
Brussels Av Henri Jasparlaan, 128 1060 Brussels - Belgium T. +32 2 213 82 85
Montréal 600 de Maisonneuve Blvd. West, Suite 2200 Montreal, QC H3A 3J2
Paris 18 bd Montmartre 75009 Paris T. +33 1 42 77 76 17 Lyon Tour Oxygène, 10-12 bd Vivier Merle 69003 Lyon
Rome Via Quattro Fontane 116 00184 Roma T. +39 06 48 28 506 Milan Via Medici 15 20123 Milano T. +39 02 89 09 39 45
Morocco
Netherlands
Middle East
UK
US
Casablanca 14, avenue Mers Sultan 20500 Casablanca, Maroc T. +212 522 49 24 80
Amsterdam Barbara Strozzilaan 101 1083 HN Amsterdam T. +31 20 240 22 05
Dubaï, Riyadh & Abu Dhabi PO Box 502665 Shatha Tower office 2115 Dubai Media City Dubai, U.A.E. T. +971 4 443 1613
London Princess House, 4th Floor, 27 Bush Lane, London, EC4R 0AA T. +44 20 7933 9333
New York 115 Broadway 12th Floor New York, NY10006 - USA T. +1 646 496 0160 North Carolina 401 N. Tryon Street, 10th Floor, Charlotte, NC 28202
For more information, visit : www.sia-partners.com Follow us on LinkedIn and Twitter
@SiaPartners
Driving Excellence