views
March 2016
Heightened Expectations
Risk Advisory Services
With the onslaught of regulatory change over the past several years, some bankers may have forgotten that in 2010
the Office of the Comptroller of the Currency (OCC) introduced “heightened expectations” to large national banks1.
The OCC then incorporated testing of adherence to the
standards while carrying out examinations; as Comptroller
of the Currency Thomas J. Curry stated “progress was slow.”2
As a result, in the fall of 2014 the OCC issued final guidelines
(12 CFR Parts 30 and 170) regarding the heightened
expectations which, among other elements, allow the OCC to
take enforcement actions.
The final guidelines have two significant pieces:
1. Minimum standards for the design and implementation
of a bank’s risk governance (including compliance risk)
framework. Well defined risk management roles and
responsibilities must be present which is commonly
known as the three lines of defense: front line units,
independent risk management and internal audit.
2. Requirements regarding the board of director
responsibilities and structure:
• A bank should have at least two independent
directors.
• All board members should be provided with the
information needed for effective oversight.
• An ongoing training program for the board must be
in place.
• An annual assessment of the board’s effectiveness
must be conducted.
The final guidelines broadly cover risk management while
this article focuses on the heightened expectations and the
compliance governance oversight responsibilities of the
board. A solid compliance framework supports the overall
enterprise risk management of the bank and should consider
external and internal risks impacting the bank.
Ultimately,
the board of directors has responsibility for ensuring that an
adequate and effective compliance program is established
and working as designed.
What makes up an effective process to ensure that
boards are adequately fulfilling their compliance oversight
responsibilities? Does your bank (or an independent third
party) review and evaluate the following:
Compliance Culture
It is imperative that the board (and management) set the
“tone at the top” for a positive compliance and ethical culture
at the bank. Their commitment and the compliance culture are
demonstrated not merely through policies and annual training
but also through action by holding those outliers accountable
when they fail to comply and/or act unethically.
Communications with the Board
The board should be actively involved in compliance matters,
and this may be tested by reviewing board and audit
committee meeting minutes. To keep the board involved and
informed, periodic reports should be provided and discussed
and include the current and forecasted compliance risks
and issues. Significant self and/or regulator identified issues
should be reported on and discussed in detail and include
the status of corrective actions. The board should also be
briefed and trained on new regulations or organizational
policy requirements. An update on any actions to address
compliance “readiness” for new regulations should also be
provided to the board.
Compliance Oversight
All of the board’s compliance oversight duties are critical;
however, holding management accountable for adhering
to the compliance governance framework and program
requirements is essential and sends a strong message
to employees, customers, vendors, regulators and the
general public. Through a review of meeting minutes and/
or memorandum it should be clear and evident that the
board is holding management accountable. Does the board
question and challenge management’s recommendations
and decisions? The board should also hold management
accountable to deadlines for resolving compliance
deficiencies, especially significant and/or repeated regulator
identified matters requiring attention.
Compliance risk professionals know that evaluating and
improving your compliance program is an ongoing process,
and incorporating the evaluation of the board’s oversight
(and related processes) will only strengthen the safety and
soundness of the bank, demonstrate a commitment to
compliance to your shareholders, customers and other
stakeholders, and positively influence the bank’s compliance
culture and work environment. These sound business
practices have applicability to other industries besides
banking, and DHG stands ready to assist you in assessing
and evaluating how effective your board is in carrying out
their compliance oversight responsibilities.
How DHG Can Help
DHG’s team of regulatory compliance professionals can
provide the following services:
• Tailor and conduct a thorough independent assessment
of the effectiveness of the board’s oversight to identify
gaps and recommend corrective action
»» Reporting
»» Training
»» Communications
»» Board Committee Charters
• Develop training materials
• Assess applicable policies, charters and other governing
documents and design the enhancements
1. Banks with more than $50 billion in assets.
2. Remarks by Thomas J. Curry, Comptroller of the Currency, before the Prudential Bank Regulation Conference, Washington, D.C., June 9, 2015.
Assurance | Tax | Advisory | dhgllp.com