Financial Institutions Consulting Brochure


Financial Institutions Consulting

Quality service. Personal attention.


Why Weaver?

With more than 65 years of experience and a commitment to our financial institution clients, Weaver is established as a top-40 accounting firm in the U.S. and a premier provider of financial institutions consulting services. Our practice delivers the following services:

⊲⊲ Compliance review
⊲⊲ Internal audit
⊲⊲ SOX/FDICIA compliance
⊲⊲ Loan review
⊲⊲ Information technology FFIEC and security reviews
⊲⊲ Financial statement audit

Our clients include banks, loan originators, third-party services, mortgage companies, insurance companies, hedge funds and collection agencies, among others.

At Weaver, we’re passionate about client service. We provide creative and practical risk management solutions to help our financial institution clients thrive so they can focus on providing the highest quality of service to their customers.


Weaver’s Financial Institutions Consulting Services

Weaver’s team of seasoned CPAs, former bank regulators, former lenders, internal auditors and IT security professionals helps financial institutions manage the complex risks unique to the industry. Our extensive experience allows us to help clients assess strategic, financial, operating and compliance risks, and provide efficient solutions to mitigate loss and take advantage of opportunities.

Risk Assessment Services

While some risks are inherent to any institution, others are not as easy to recognize. Risk assessments help identify areas of exposure and are useful in determining response plans for risk mitigation. A well-thought-out risk response strategy enables senior management to better anticipate change and be more proactive in order to mitigate loss or take advantage of opportunities.

Given the numerous regulations that institutions are subject to, in addition to emerging risks, a robust risk assessment becomes a critical strategic management tool, as well as a key component of enterprise risk management. The following targeted risk areas may be appropriate for a separate assessment depending on an organization’s operating environment:

⊲⊲ Strategic and enterprise risk management (ERM)
⊲⊲ Community Reinvestment Act
⊲⊲ Lending and credit administration
⊲⊲ Information technology
⊲⊲ Regulatory compliance
⊲⊲ Fair Lending practices
⊲⊲ Bank Secrecy Act/Anti-Money Laundering
⊲⊲ Internal audit
⊲⊲ Operations
⊲⊲ Sarbanes-Oxley/FDICIA compliance
⊲⊲ Cybersecurity
⊲⊲ E-Banking
⊲⊲ Information security/Gramm-Leach-Bliley Act
⊲⊲ Vendor management
⊲⊲ Lobby operations
⊲⊲ Interest rate and liquidity risk


Once an institution’s risks are identified, part of the response plan is to determine a control strategy using the Three Lines of Defense model for effective risk management:

⊲⊲ Internal controls over functions that own and manage risk
⊲⊲ Internal controls that monitor the first line of defense
⊲⊲ Internal audit or independent assurance that monitors the first two lines of defense and ensures they are operating effectively

These activities help create a strong internal control environment, including a secure information systems environment.


Regulatory Compliance Audit Services

Regulatory compliance audits are an essential component of an effective compliance management program. They are instrumental to objectively evaluating compliance with laws, regulations and the associated policies and procedures. In tailoring our service approach, Weaver’s experienced consultants work to provide a risk-based compliance audit plan consistent with your institution’s size, complexity and risk profile. Our approach to regulatory compliance audit services includes:

STEP 1: Understanding the operating environment and risk profile
STEP 2: Designing a risk-based audit plan focusing on key exposure areas
STEP 3: Providing regular status updates throughout the engagement process
STEP 4: Communicating findings and a remediation strategy to management

In addition to strengthening your existing compliance programs, an independent regulatory compliance audit helps your financial institution avoid costly non-compliance penalties. We address areas of concern through recommendations tailored specifically to your operating environment based on industry best practices. Once an appropriate remediation plan is developed, we will provide feedback and assistance if desired. Key areas for review include:

⊲⊲ Bank Secrecy Act/Anti-Money Laundering reviews
⊲⊲ Fair Lending assessments
⊲⊲ Lending and deposit compliance audits
⊲⊲ Remote deposit capture reviews
⊲⊲ Automated Clearing House
⊲⊲ FFIEC IT and other IT security reviews
⊲⊲ Other specialized audits


Mortgage Regulatory Compliance

The emerging regulatory environment surrounding mortgage lending, combined with an increased focus on consumer advocacy by regulatory bodies, creates a substantial source of uncertainty. Financial organizations must stay on top of the fluid regulatory environment, and they need an experienced partner to guide them. Weaver can help.

Mortgage Compliance Services

⊲⊲ Ability-to-pay determinations
⊲⊲ Fair Lending compliance
⊲⊲ RESPA obligation guidance
⊲⊲ Loan originator compensation
⊲⊲ Compliance risk assessments
⊲⊲ Schedule implementation and maintenance
⊲⊲ Appraisal disclosure compliance
⊲⊲ HOEPA fulfillment

Specialized Audit Areas

⊲⊲ Privacy compliance
⊲⊲ Marketing programs and materials


Consumer Financial Protection Bureau (CFPB) Readiness

Our CFPB Readiness services assess exposure to risk and identify potential control gaps, helping mitigate the risk of non-compliance with regulatory requirements. Our services include providing guidance and recommendations on remediation strategies to address exposure areas and strengthen internal controls. Our CFPB Readiness Assessment covers the following areas:

Compliance Management Assessment

⊲⊲ Compliance management system (CMS) components
⊲⊲ Board and management oversight
⊲⊲ Compliance program
⊲⊲ Policies and procedures
⊲⊲ Training
⊲⊲ Monitoring and corrective action
⊲⊲ Vendor management and third-party relationships
⊲⊲ Response to consumer complaints
⊲⊲ Compliance audit and quality control

Operational Controls Assessment

⊲⊲ Organizational responsibilities and evaluation of the three lines of defense
⊲⊲ Policies and procedures
⊲⊲ Quality control and exception management
⊲⊲ Board of directors and management oversight
⊲⊲ Segregation of duties
⊲⊲ Assessment of fraud risk and related mitigating controls

Technology Assessment

⊲⊲ Strategy and implementation
⊲⊲ IT risk assessment
⊲⊲ Application and system development
⊲⊲ Internal network and application security
⊲⊲ External security and threat assessment
⊲⊲ Access to consumer information
⊲⊲ Business continuity planning


Internal Audit Outsourcing and Co-Sourcing

Organizations with strong governance and internal control employ sound processes for risk identification, risk response and monitoring of operating effectiveness within the control environment. Our approach is flexible and tailored to meet the needs of our clients. We can supplement an existing internal audit plan by providing additional resources or expertise where needed. Alternatively, we can assist with an entity-wide risk assessment and work in tandem with the audit committee to address its concerns and develop a comprehensive internal audit plan.

Our internal audit methodology seeks first to understand the organization’s culture, operating environment and strategic objectives. We listen to feedback from management and/or the board to understand concerns and assess risks qualitatively. We use this information, coupled with evaluating quantitative metrics, to determine the significance of operating activities and related risks. In addition to evaluating risks currently impacting the organization, we assess emerging risks that can have an impact in the future. Using this approach helps our clients identify emerging trends and proactively establish risk mitigation strategies, if necessary.

Weaver’s risk model is designed to assist stakeholders in developing a risk-rated internal audit universe, which identifies high exposure areas. The internal audit universe is used as the basis of the annual audit plan that outlines the frequency and scope of the internal audits to be performed.

When executing our internal audit methodology, we assess effectiveness of control processes using the Three Lines of Defense model for effective risk management:

⊲⊲ Management controls and internal control measures
⊲⊲ Risk control and compliance oversight
⊲⊲ Independent assurance – internal audit


Internal audit activities focus on asset protection, loss prevention, compliance, internal controls and fraud. Key steps in our internal audit service methodology include:

Review Risk Model

Review Risk Assessment of Audit Areas

Set Timing of Internal Audit(s)

Perform Internal Audit Procedures

Report Findings

Internal audit areas typically subject to review include:

⊲⊲ Risk assessment completeness
⊲⊲ Mortgage lending
⊲⊲ Internal audit plan completeness
⊲⊲ Warehouse lending
⊲⊲ Policies and procedures completeness
⊲⊲ Branch operations
⊲⊲ Accounting and financial reporting
⊲⊲ Wire transfer
⊲⊲ Due from banks and borrowings
⊲⊲ Investment portfolio
⊲⊲ Interest rate risk management
⊲⊲ Liquidity risk management
⊲⊲ Lending
⊲⊲ Deposits
⊲⊲ Human resources/payroll
⊲⊲ Bank-owned life insurance
⊲⊲ Non-deposit investment products
⊲⊲ Trust compliance and operations

Outsourcing

While maintaining objectivity and independence, outsourcing your internal audit function can provide technical proficiency related to core processes and assessments that may not be available in the organization. Additionally, this can help eliminate the constraints of managing, attracting and retaining internal audit staff, allowing management more time to devote to strategic and profit-generating activities.

Co-Sourcing

Internal audit professionals are experienced in project planning, risk management, financial reporting, IT and operations. As specific skill set needs vary from one organization to another, augmenting your existing staff with assistance from Weaver will provide in-depth audit skills and industry knowledge that may not be available internally.


Loan Review Services

Weaver’s loan review services provide an independent assessment of an institution’s asset quality and the effectiveness of management’s loan and credit administration practices. For loan portfolio acquisitions, our loan review services can be leveraged as a component of effective due diligence, providing a more complete understanding of a target loan portfolio’s vulnerabilities. Weaver’s approach includes:

⊲⊲ Working with management to establish effective loan review parameters with an engagement scope that targets risk in the underwriting and loan concentrations.
⊲⊲ Evaluating the effectiveness of early problem loan identification processes, credit risk mitigation, and loan and credit administration practices.
⊲⊲ Identifying concentrations of credit risk and lending practices that can lead to elevated exposure to loss of income and capital.
⊲⊲ Evaluating the methodology used to periodically test the adequacy of the allowance for loan and lease losses to ensure compliance with both regulatory and professional accounting standards.


IT Advisory Services

Our IT advisory services evaluate the processes within your technology environment used to safeguard the integrity of your systems and your customers’ data. By evaluating your processes before an event occurs, management can significantly lessen the threat of financial loss from fraud or theft, productivity loss from system downtime, and the risk of compromising customer data and proprietary operating information.

IT Audit

An IT audit evaluates your financial institution’s information systems for potential vulnerabilities to external threats and internal compromise. A variety of state and federal regulations require independent verification of IT systems and controls, including:

⊲⊲ Federal Deposit Insurance Corporation Improvement Act (FDICIA)
⊲⊲ Sarbanes-Oxley Act (SOX)
⊲⊲ Federal Financial Institutions Examination Council (FFIEC)
⊲⊲ Gramm-Leach-Bliley Act (GLBA)

We are experienced in integrating our audit procedures to enable our clients to demonstrate management’s assessment across multiple requirements.

Cybersecurity Services

Weaver’s security services team will evaluate your systems, policies and procedures to identify where vulnerabilities may exist—either from external threats or from internal compromise. We offer several options when evaluating security procedures and vulnerabilities:

⊲⊲ Internal vulnerability scans
⊲⊲ External vulnerability scans
⊲⊲ Penetration testing
⊲⊲ Social engineering
⊲⊲ Network architecture reviews
⊲⊲ Wireless and mobile device evaluation


For more information, contact:

Bruce Zaret, CPA, Partner, Advisory Services
bruce.zaret@weaver.com | 972.448.9232

James Mihills, CPA, Partner, Advisory Services
james.mihills@weaver.com | 817.882.7361

What Can Weaver Do For You?

Weaver offers a full range of assurance, tax and advisory services. Every day, our clients rely on us for:

Assurance

⊲⊲ Audit, review and compilation
⊲⊲ Employee benefit plan audit
⊲⊲ Agreed-upon procedures
⊲⊲ IFRS assessment and conversion
⊲⊲ Private equity services
⊲⊲ Public company services
⊲⊲ SSAE 16/SOC 1, 2 and 3

Tax

⊲⊲ Federal tax compliance and planning
⊲⊲ International tax
⊲⊲ State and local tax
⊲⊲ Wealth strategies

Advisory

⊲⊲ Financial institutions consulting
⊲⊲ Risk advisory
⊲⊲ IT advisory
⊲⊲ Transaction advisory
⊲⊲ Public company services
⊲⊲ Energy compliance and consulting
⊲⊲ Forensics and litigation

Weaver.com
info@weaver.com | 800.332.7952
facebook.com/weavercpas
youtube.com/weavercpas
linkedin.com/company/weaver
twitter.com/weavercpas

