P a
This presentation is the property of its rightful owner.
Sponsored Links
1 / 116

P a g e | 1 Inter n atio na l A s s oci a t ion of R isk a nd Co mpl i a n c e Pr o f e s s io na l s ( I A RCP) PowerPoint PPT Presentation


  • 55 Views
  • Uploaded on
  • Presentation posted in: General

P a g e | 1 Inter n atio na l A s s oci a t ion of R isk a nd Co mpl i a n c e Pr o f e s s io na l s ( I A RCP) 12 0 0 G St re e t N W Su i t e 8 0 0 W a s h i ng t o n, D C 2 000 5 - 67 0 5 U SA T e l : 2 0 2 - 449 - 9750 www .ri s k - c ompl i ance-a ss o c i a tion . c om.

Download Presentation

P a g e | 1 Inter n atio na l A s s oci a t ion of R isk a nd Co mpl i a n c e Pr o f e s s io na l s ( I A RCP)

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |1

InternationalAssociationofRiskandComplianceProfessionals(IARCP)

1200GStreet NWSuite800Washington,DC20005-6705USATel:202-449-9750www.risk-compliance-association.com

Top10riskandcompliancemanagementrelatednewsstoriesandworldeventsthat(forbetterorforworse)shapedthe week'sagenda,andwhatisnext

DearMember,

Who“leadstheworldinitsimplementationofBaselIII”?

Accordingto WayneByres,SecretaryGeneral,BaselCommitteeonBankingSupervision,Asia!

“IwouldalsoliketoacknowledgethattheAsianregionleadstheworldinitsimplementationofBaselIII.”

But…hecontinues:

“Goldilocksexploredthebears’house,testingtheporridge,thechairsandthebedsuntilshefoundthingsthatshethoughtwere“justright”

What?Goldilocksexploredthebears’house?Oh,no,Goldilocksisnot coveredinourBaseliiicourse.Itcould beimportant.

Bearshouse?HemeansRussia?No,

no,ithasnothingtodowiththecoldwar.

Let’slearnmore …Google…Search…Goldilocks:

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |2

In 1837 RobertSoutheypublished"TheStoryoftheThreeBears".

In Southey'stale,threeanthropomorphicbears– "aLittle,Small,WeeBear,aMiddle-sizedBear,andaGreat,HugeBear"– livetogetherinahouseinthewoods.

Southeydescribes themasverygood-natured,trusting,harmless,tidy, andhospitable.

Eachbearhashisownporridgebowl,chair,andbed.

Onedaytheytakeawalk in thewoodswhiletheirporridgecools.

Anoldwoman(whoisdescribedatvariouspointsinthestoryasimpudent,bad,foul-mouthed,ugly,dirtyandavagrantdeservingofastintintheHouseofCorrection) discoversthebears'dwelling.

Shelooksthroughawindow,peepsthroughthekeyhole,andliftsthelatch.

Assuredthatnooneishome,shewalks in.

The oldwomaneatstheWeeBear'sporridge,thensettlesintohischairandbreaksit.

Prowlingabout,shefinds thebears'bedsandfallsasleepinWeeBear'sbed.

Theclimaxofthetaleisreachedwhenthebearsreturn.

WeeBearfindstheoldwomaninhisbedandcries,"Somebodyhasbeenlying inmybed,– andheresheis!"

Theoldwomanstartsup,jumpsfromthewindow,andrunsawaynevertobeseenagain.”

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |3

TwelveyearsafterthepublicationofSouthey'stale,JosephCundalltransformedtheantagonistfromanuglyoldwomantoaprettylittlegirlinhisTreasuryofPleasureBooksforYoungChildren.

Thelittlegirlsawasuccessionofnames,includingGoldilocks.HereiswhereBaseliiicomesin,whenthe olduglylady(Basel2)

becomesaprettygirl(Basel3)– Disclaimer:ThisishowIunderstood

it…

But…yes,WayneByres,SecretaryGeneraloftheBaselCommitteeonBankingSupervisionsaid:

“Goldilocksexploredthebears’house,testingtheporridge,thechairsandthebedsuntilshefoundthingsthatshethoughtwerejustright.”

Itisencoded!!!Pillar2,confidential.Let’sbreakit.

“Goldilocks(Basel3)exploredthebears’house(BearStearnsandotherbanks),testingtheporridge(internalmodels,thebutterandporridge onthebreadofconsultants),thechairs(fitandproperfortheboardandseniormanagement)andthebeds(bonuses)until(itwilltakeuntil2019totesteverything)shefoundthingsthatshethought(inBaselwehave“realisticassumptions”,notfacts)werejustright(finalBaseliiiimplementation,readyforBaseliv)”

Youcanlearnmore(aboutthespeech,notGoldilocks,atNumber3ofourlistbelow

WelcometotheTop10list.

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |4

TheUKPrudentialRegulationAuthority(PRA)

On1April2013thePrudentialRegulationAuthority(PRA)willbecomeresponsiblefortheprudentialregulationandsupervisionofbanks,buildingsocieties,creditunions,insurersandmajorinvestmentfirms.

In totalthePRAwillregulatearound1,700financialfirms.

ThePRA’sroleisdefinedintermsoftwostatutoryobjectivestopromotethesafetyandsoundnessofthesefirmsand,specificallyforinsurers,tocontribute to thesecuringofanappropriatedegreeofprotectionforpolicyholders.

SemiannualMonetaryPolicyReporttotheCongress

SpeechbyMrBenSBernanke,ChairmanoftheBoard ofGovernorsoftheFederalReserveSystem,beforetheCommitteeonBanking,Housing,andUrban

Affairs,USSenate,WashingtonDC

WayneByres,SecretaryGeneralBaselCommitteeonBankingSupervision

SIMPLICITY,RISKSENSITIVITYANDCOMPARABILITY:THEREGULATORYBALANCINGACT

BCBS-EMEAP-FSIHigh-LevelMeeting, Seoul,Korea

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |5

ProtectingInvestorsthroughReliableAudits

JeanetteM.Franzel,BoardMember

WayneStateUniversity,GeorgeR.HusbandDistinguishedLectureSeries,Detroit,MI

“ThecreationofthePCAOBendedmorethan100yearsofself-regulationbythepublicaccountingprofessionintheU.S.,andestablishedtheBoard'sregulatoryframeworkforfirmsthatconductauditsofcompanieswhosesecuritiestradeontheU.S.markets.”

CounciloftheEuropeanUnion BaselIIIinEurope– CRD4

IrishPresidencyreachesbreakthroughonnewrulesforstrongerEUbanks

TheIrishPresidencyhasreachedabreakthroughin

talks withtheEuropean ParliamentonanoverhaulofbankingrulesincreasingEUfinancialstability.

UpdateonMeasurestoAddressUnrecordedFinancialFlows

BankNegaraMalaysia wouldlike toprovideanupdateonmeasuresthathavebeenundertakenbymembersofaHighLevelMulti-AgencySpecialTaskForce(TaskForce)to reduceillicitfinancialflows.

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |6

PCAOBIssuesReporton2007-2010InspectionsofDomestic FirmsthatAudit100orFewerPublicCompaniesWashington,D.C.

The PublicCompanyAccountingOversightBoardtodayreleasedareportsummarizinginspectionobservationsidentifiedinthe2007 through2010inspectionsofU.S.firmsthataudited100orfewerpubliccompanies.

RemarksbyThomasJ.Curry

ComptrolleroftheCurrency

BeforetheNationalAssociationofAttorneysGeneralWashington,DC

NISTSolicitsViews, IdeasfromStakeholdersforCybersecurityFrameworkforCriticalInfrastructure

TheNationalInstituteofStandardsandTechnology(NIST)issuedaRequestforInformation(RFI)intheFederalRegisterasitsfirststepintheprocesstodevelopaCybersecurityFramework,asetofvoluntarystandardsandbestpracticestoguideindustryinreducingcyberriskstothenetworksandcomputersthatsupportcriticalinfrastructurevitaltothenation'seconomy,securityanddailylife.

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |7

CRDIV

FSArefreshedstatementregardingCRDIVimplementation

TheoriginalproposeddeadlineforentryintoforceofthedraftEuropeanUnionlegislationtoupdatetheframeworkforcapitalrequirements,knownasCRDIV,hasnowpassed.

NegotiationsbetweentheEuropean Parliament,European CommissionandCouncilofMinisterstofinalisethelegislationarestillunderway.

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |8

TheUKPrudentialRegulationAuthority(PRA)

On1April2013thePrudentialRegulationAuthority(PRA)willbecomeresponsiblefortheprudentialregulationandsupervisionofbanks,buildingsocieties,creditunions,insurersandmajorinvestmentfirms.

In totalthePRAwillregulatearound1,700financialfirms.

ThePRA’sroleisdefinedintermsoftwostatutoryobjectivestopromotethesafetyandsoundnessofthesefirmsand,specificallyforinsurers,tocontribute to thesecuringofanappropriatedegreeofprotectionforpolicyholders.

In promotingsafetyandsoundness,thePRAwillfocusprimarilyontheharmthatfirms cancause to thestabilityoftheUKfinancialsystem.

Astablefinancialsystemisoneinwhichfirmscontinuetoprovidecriticalfinancialservices– apreconditionforahealthyandsuccessfuleconomy.

ThePRAwillmakeforward-lookingjudgementsontherisksposedbyfirmsto itsstatutoryobjectives.

Thoseinstitutionsandissueswhichposethegreatestrisktothestabilityofthefinancialsystemwillbethefocusofitswork.

ThePRAwascreatedbytheFinancialServicesAct(2012)andwillbepartoftheBankofEngland.

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |9

Itwillhaveclose workingrelationshipswith otherpartsoftheBank,includingtheFinancialPolicyCommitteeandtheSpecialResolutionUnit.

ThePRAwillworkalongsidetheFinancialConductAuthority(FCA)creatinga“twinpeaks”regulatorystructureintheUK.

TheFCAwillbeaseparateinstitutionandnotpartoftheBankofEngland.

TheFCAwillberesponsibleforpromotingeffectivecompetition,ensuringthatrelevantmarketsfunctionwell,andfortheconductregulationofallfinancialservicesfirms.

Thisincludesactingto preventmarketabuseandensuringthatconsumersgetafairdealfromfinancialfirms.

TheFCAwilloperatetheprudentialregulationofthosefinancialservicesfirmsnotsupervisedbythePRA,suchasassetmanagersandindependentfinancialadvisers.

Priorto1April2013,theFinancialServicesAuthority(FSA)willcontinuetoberesponsibleforprudentialandconductregulationintheUK.

TheBankofEnglandwillhavearesponsibilityforfinancialstability,basedonanamendedstatutoryobjectiveto protectandenhancethestabilityofthefinancialsystemoftheUnitedKingdom.

And,insupportofthisobjective,theFinancialPolicyCommittee(FPC)willbeestablishedwithin theBank,chargedwithidentifying,monitoringandtakingactiontoremoveorreducesystemicrisks.

TheFPC,whichalreadyexistsininterimform,willbeable tomake recommendationsandgivedirectionstothePRAandtheFCAonspecificactionsthatshouldbetakeninordertoachievetheFPC’sobjectives.

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |10

Sourse:AndrewBailey,ExecutiveDirectoroftheBankofEnglandand ManagingDirectoroftheFinancialServicesAuthority’sPrudentialBusinessUnit,andSarahBreedenandGregoryStevensoftheBank’sPRATransitionUnit

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |11

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

  • P age |12

  • Theletter

  • Dear

  • LatestupdateaswetransitiontothePrudentialRegulationAuthority(PRA)

  • Thislettergivesyoumoreinformationonwhatyouneedtodotobereadyfor‘legalcutover’(LCO)on1April2013.

  • ThePRA’sapproachto supervisionwasoutlinedinthetwoapproachdocuments– oneforinsurersandonefordeposit-takersandinvestmentfirms.

  • WewillpublishrevisedversionsofthesedocumentsatLCO,andthereafterthedocumentswillactasstandingreferencesforfirmsonthePRA’ssupervisoryapproach,keyPRApolicies,andhow we intendtomeetourstatutoryobjectives.

  • Below isanoverviewofthekeymessagesfromtheapproachdocuments:

  • ThePRAwillhavetwo statutoryobjectivestopromotethesafetyandsoundnessoffirmsandspecifictoinsurers,to contribute tosecuringanappropriatedegreeofprotectionforpolicyholders.

  • Astablefinancialsystem,thatisresilientinprovidingthecriticalfinancialservices theeconomyneeds,isanecessaryconditionforahealthyandsuccessfuleconomy.

  • ThePRAwillnotoperateazero-failureregime.

  • ThePRAwill, however,seekasfaraspossiblewithresolutionarrangementsinplace,toensurethatanyfirmsthatfaildosoinaway thatavoidssignificantdisruption to thesupplyofcriticalfinancialservices, includinganacceptabledegreeofcontinuityofcoverforpolicyholders;and

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |13

-ThePRA’sapproachto supervisionwillbeclearlybasedonjudgementratherthannarrowlyrules-based,Supervisoryjudgementswillbeforward-looking,takingintoaccountawiderangeofpossiblerisks tothePRA’sobjectives.

Theapproachdocuments canbeaccessedviatheFSAwebsite:

Banking

http://www.fsa.gov.uk/static/pubs/other/pra-approach-banking.pdf

Insurance

http://www.fsa.gov.uk/static/pubs/other/pra-approach-insurance.pdf

In December2012,Igaveashort interviewentitled“Anewapproachtofinancialsupervision:thePrudentialRegulationAuthority”whichcanbeviewedhere:

http://www.youtube.com/watch?v=yJDp1XY3DJM

Thefollowingisanupdateoncertainaspectsofthetransitionwherewecan now providegreaterclarity.

1.Changesinpolicy IndividualGuidance

ThePRAwillhaveadifferentregulatoryandsupervisoryfocusthantheFSA,includinganewsetofobjectivesandadifferentapproachtosupervision,assetoutintheapproachdocuments.

ThismeansthatguidancepreviouslyissuedtofirmsbyFSAsupervisorstoindividualfirmswillnothavebeenissuedwithPRAaimsandobjectivesinmind.

Therefore,apartfromthefourcategorieslistedbelow,FSAindividualguidancewillnotautomaticallybepermanentlytransitionedorconfirmed bythePRA.

Guidance tobetransitioned

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |14

Thefollowingfourcategoriesof‘individualguidance’willbeautomaticallytransitionedatLCO:

IndividualCapitalRequirementsGuidance,includingcapitalplanningbuffersforbanks and capitalguidanceissued to insurers

IndividualLiquidityGuidance

IndividualguidancegivenbytheFSAthatenablesafirmtomovefromahigherproportionalitytiertoalowerproportionalitytierasprovidedforintheFSA’s‘GeneralGuidanceonProportionality:TheRemunerationCode (SYSC19a)&Pillar3 disclosuresonremuneration(BIPRU11)’

GuidanceonthecompletionandsubmissionofRegulatoryReturns

OtherGuidance

Firmsshouldreviewallindividualguidanceandtheirassociated behaviourinaccordancewithsuchguidanceandassesstheappropriatenessofthatbehaviourinlinewiththePRA’sstatutoryobjectives.

FirmsshouldinmanycasesbeabletodothisbyexercisingjudgementandwithoutconsultingthePRA.

Firmsshoulddocumentthisreview.

Incertaincases,firmsmaywishtorequestthatthe PRA(FSAuntilLCO)reviewitemsofFSAindividualguidancewhichare:

Notincludedinthe categoriesidentifiedabove;and

Wherethefirmwishes thePRAtoexplicitlyconsiderandconfirmwhetherbehaviouroractionsinlinewiththatguidancewillremainappropriateinthePRA.

Thisisnotanopportunity to requestthatallpreviouslyissuedindividualguidanceshouldberetained.

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |15

Betweennow and30September2013,firmsmaysubmitalistofthoseitemsofindividualguidancewhichtheywishthePRAtoreview,togetherwiththeir ownassessmentofwhetherthebehaviouroractionssetoutintheguidancewouldcontribute towardstheadvancementofthePRA’sobjectives.

Relationshipmanagedfirmsshouldsubmitrequestsforreviewtotheirsupervisor,andnon-relationshipmanagedfirmsshouldsubmitthemtotheCustomerConta[email protected][email protected]pril2013onwards.

FirmswillbeabletocontinuetorelyonguidancereferredforreviewuntilthePRAreachesadecisiononwhethertheguidanceremainsappropriateorotherwise.

Supervisorswillconfirmthetimetableforthereviewfollowingthesubmissionofthefirm’slist;reviewswillbecompletednomorethan18monthsafterLCO.

OurjudgementandanyresultingresponsethatwegivetoafirmwillfocusontheadvancementofthePRA’sobjectives.

Anyguidancethatisnotreferred tothe PRAforreviewwillceasetohaveanystatusasformalPRAindividualguidancefrom30September2013.

Thisdoesnotmeanthatfirmsshouldautomaticallychangetheirbehaviour.

Iffirmsdeemthattheirbehaviourisappropriate,theyshouldcontinuetoactinthatway.

Iffirmsdecidetoaltertheirbehaviour,now or inthefuture,theyshould discussthiswiththeirsupervisor,in linewithPrinciple11.

Thisapproachtoindividualguidancedoesnotchangerecentassessmentsoftherisksthatweseeasbeingposedbyafirm’sbusiness.

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |16

In particular,westillexpectRisk MitigationPlanpoints(reflectingtheFSA’sobjectives)outlinedinpreviousARROWletterstobeconcluded,wherewejudgethattheywillcontributetoadvancingthePRA’sobjective.

ExistingwaiverswillalsobeautomaticallytransitionedtothePRA.

ThresholdConditions

TheexistingFSAThresholdConditionswillbereplacedintheirentiretybytheThresholdConditionsbeing introducedbyHMTviasecondarylegislationpursuant to theFinancialServicesAct2012.

TheThresholdConditionsintheorderthathasbeenlaidbeforeparliamentareessentiallyintheformHMTconsultedoninOctober2012.

Thenewconditionswilltakeeffect atthesametimeastherestoftheamendmentstoFSMAareintroduced,on1April2013,forbothexistingauthorisedfirmsandall in-flightcases.

The FinancialServicesandMarketsAct(ThresholdConditions)Order 2013,aslaidbeforeparliament,canbeviewedat:http://www.legislation.gov.uk/ukdsi/2013/9780111533802/pdfs/ukdsi_9780111533802_en.pdf

2.InteractionwiththePRAPRAwebpresence

AnewwebpageforthePRAisnowavailableontheBankofEnglandwebsiteatwww.bankofengland.co.uk/pra

ThiswillbethewebaddressthatfirmsshouldusefromLCO.

AtthisstagefirmscanfindabriefintroductiontothePRAonthewebsite.

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |17

Corporate information“AboutthePRA”willbeaddedandpagesonpolicy andPRAnewsandeventswillbepublished.

ThecoreoperationalinformationonauthorisationsandsupervisionwillbepublishedatLCO.

Firmsarewelcometosendfeedback includingcommentsandideasaboutthePRAwebpresence to [email protected]

FirmEnquiries

TheOctober2012approachdocumentsexplainedthatfirmswhodonothaveadedicatedsupervision teamshouldusetheFirmEnquiresFunctionastheirfirstpointofcontactwiththePRA.

ThePRAFirmEnquirieswillbeoperationalfrom2April2013anditscontactdetailsare:

Telephonenumber02034617000(operatinghours9:00– 17:00)[email protected]

TheFSAcontactcentremust beusedforallenquiriesupto2April2013.

However,duringMarchsomecalls tothecontactcentrewillbetransferredtothePRA’sFirmEnquiries,in preparationfortakingfirm’senquiriesatLCO.

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |18

PublicationofthePRAHandbook

Aspreviouslystated,atLCO,certainprovisionsfromtheFSAHandbookwillbesplitbetweentheFCAandthePRA.

TwonewHandbookswillbecreated:oneforthePRAandonefortheFCA.

MostprovisionsintheFSAHandbookwillbeincorporatedintothePRA’sHandbook,theFCA’sHandbook,orboth,inlinewitheachnewregulator’ssetofresponsibilities.

Theintentionis to publishthePRAHandbookinMarch2013.

AfterLCO,thePRAwillamendits ownsuiteof policymaterialasanindependentbodyinaccordancewiththeprocesseslaiddown in theFinancialServicesAct2012,includingcooperationwiththeFCAandexternalconsultation.

EnforcementConsultation

WepublishedtheconsultationonthePRA'sapproachto enforcement,includingproposedstatutorystatementsofpolicy andprocedure,on20December2012.

TheconsultationisontheFSAwebsite,wewelcomeanycommentsontheproposalsby28February2013.

http://www.fsa.gov.uk/library/policy/cp/2012/12-39.shtmlAttachedisasetofupdatedFAQsandadditionalinformation.

Yourssincerely

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |19

FAQsontransitiontothePRA

1.Generalquestions

AtwhatstageistheFinancialServicesBill?

The FinancialServicesBillreceivedRoyalAssenton19December2012andbecametheFinancialServicesAct2012(TheAct).

SomesectionsofTheAct–cameintoforceon23January2013,inordertoenabletheTreasurytomakesecondarylegislation,andtoensurethatthenewregulatorscanpreparefortheirrespectiverolespostlegalcutover.

Therestoftheprovisionsrelatingtothenewregulatoryregimewillcomeintoforceon1April,thedatedesignatedforlegalcutovertothenew structure.

TheActwillbesupportedbysecondarylegislationandTreasuryhasconsultedonanumberofdraftorderswhichwillneedtobemadepriortolegalcutover.

TheordersdetailingthenewThresholdConditions,allocatingresponsibilityformakingrulesinrelationto FSCSbetweentheFCAandthePRA,amendingcertainmutualslegislation,determiningwhichtypesofholdingcompanytheregulatorsnewpowersoverqualifyingparentundertakingsapplytoandspecifyingwhichregulatedactivitieswillbesubjecttothePRA’sregulationhavealreadybeenlaidbeforeParliamentandareexpected tobeapprovedbybothhousesbymid-March.

http://www.legislation.gov.uk/ukdsi/2013/9780111533802/pdfs/ukdsi_9780111533802_en.pdf

HowwillthePRAdeterminewhichinvestmentfirmsshouldbedesignatedforprudentialregulationbythePRA?

WepublishedadraftstatementofpolicyonthedesignationofinvestmentfirmsbythePRAinOctober2012:http://www.fsa.gov.uk/static/pubs/cp/boe-pra-cp.pdf

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |20

ThepolicystatementandthefirmstobedesignatedbythePRAwillbefinalisedahead oflegalcutover.

ShouldIcontinuetosubmitmyreturnthroughGABRIEL?

ThePRAwillhaveitsowndatacollectionandqualityassuranceteam– theRegulatoryDataGroup-whichwilltakeoverthePRAregulatorydatarelatedworkpreviouslyundertakenbytheFSA’sDataMonitoringTeam(theFSA’scentraldata collectionteam).

ForfirmswhoreportregulatorydataviaGABRIELtherewillbenochange to thisreportingandyouwillcontinuetousetheGABRIELsystemtoreportasyoudonow.

GABRIELwillbeoperatedbyFCA.Firmsare tocontinuetousetheircurrentURLandlogindetailstoaccessthesystem.

Theexistingdataitemswillremainwithonlyminorchangestothewording.

Anytechnicalqueries aboutthesystemshouldberaisedwiththeFCAContactCentreon08456069966o[email protected]

WhereshouldIsubmitmyfirm’semail/paperreturns?

Forfirmswhoreportregulatorydataviaemailor inhardcopy(paper)moredetailofwheretosubmityourreturnswillbeprovidedonthePRA’sinternetsitewww.bankofengland.co.uk/prasoon.

Wherefirmsprovidedatadirectlyto FSAsupervisorsorpolicyteams,youwillcontinuetodosoafterLCO.

If,afterLCO,youareunsurewheretoreportdata,pleasefirstlycheckthePRA’sinternetsiteunderthesectiononregulatorydataorcontactPRA’sFirmEnquiries.

Contactdetailswillbe:Telephonenumber02034617000

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |21

[email protected]

WhenwillthePRAreleasefurthercontactdetails/newaddress?

Movesto20Moorgatearetakingplaceinstages,havingstartedinearlyJanuary2013.

Below isatablelistingthemovedatesforeachdivision:

Supervisorswillconfirmoutstandingcontactdetailssuchastelephonenumbers,emailaddressesandemailaddressesaroundtheirmovedates.

ForfirmswithPGPencryptedkeys,communicationonnewaccesscodeswillalsobeincluded.

WilltheFCAandPRAhaveseparateregisters?

TherewillbeoneregistermaintainedbytheFCA.Itwillbeavailabletoallfirms,reflectingthepositionofboththePRAandtheFCA.

WillIretainthesameregistrationnumber?

Yes.YourFSAnumberswillbecarriedacross tothenewRegister.

WilltherebeaPractitionerPanel?

Yes.ThePRAwillestablishaPractitionerPanel.

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |22

2.Authorisationsandtransitionalarrangements

Whatwillhappentoourexistingpermissionsandwaivers?

Transitionalarrangementsfor‘grandfathering’existingprovisionsaredependentonsecondarylegislation.

Weare indiscussionwithHMTreasury,withaviewtothelegislation providingthatexistingPartIVpermissions,controlledfunctions,passports,limitationsandrequirementsaregrandfatheredwithouttheneedforafirm to take action.

Exactdetailsofgrandfatheringarrangementswillbefinalisedoncesecondarylegislationhasbeenpublished.

Wealsopublishedmoredetailontransitionalarrangementsforapprovedpersons,andonHandbooktransitionalsmoregenerally,on25JanuaryinCP13/3

http://www.fsa.gov.uk/library/policy/cp/2013/13-03.shtml

WhathappensifweareapplyingforaneworvariedpermissionorwaiversovertheperiodincludingLCO?

ThePRAwillensurethatapplications totheFSAthataremadebeforelegalcutoverbutnotdetermineduntilafterlegalcutoveraretransitionedtotheappropriateregulatorandmadeagainsttheappropriatestatutorytests.

Exactdetailsof‘in-flight’authorisationarrangementswillbefinalisedoncesecondarylegislationhasbeenpublished.

WhenwillweknowthefinalchangesbeingmadetotheApprovedPersonsregime?

ThereismoredetailonourapprovedpersonregimeinourApproachDocumentsandintheconsultationpaper(CP12/26)coveringchanges totheapprovedpersonsHandbooksections.

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |23

Thispapercanbeaccessedhere:http://www.fsa.gov.uk/library/policy/cp/2012/12-26.shtml

ConsultationforCP12/26closedon7December2012,wearecurrentlyreviewingtheproposals in lightofresponses to theconsultationandexpectthefinalPRArulesonapprovedpersons tobemadebythePRABoardatoraroundLCO,when othersubstantivechangestotheHandbookwillalsobemade,and accompanyingPolicyStatementsissued.

Pleaseseesection4‘Policy Material’below formoredetailonfinalisingthePRAHandbook.

Wealsopublishedmoredetailontransitionalarrangementsforapprovedpersonson25thJanuary inCP13/3

http://www.fsa.gov.uk/library/policy/cp/2013/13-03.shtml

Willthenewthresholdconditionsbemorespecific?

HMTreasuryhaspublishedindicativethresholdconditions.Dualregulatedfirmswillneed tomeettwosetsofconditions,onesetfromthePRAandonesetfromtheFCA.

ForthePRAtherewillbethresholdconditionsspecific to insurersandthresholdconditionsforallotherfirmsregulatedbythePRA.

http://www.hm-treasury.gov.uk/d/condoc_fin_regulation_draft_secondary_leg.pdf

WillauthorisationandthedifferentapprovalprocessestakemoreorlesstimewiththePRA?

Thestatutorytimelimitonauthorisationsin FSMAwillremainunchangedafterlegalcutover.

ThePRAwillreportagainststatutorytimelimits.

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |24

ShouldIcontinuetouseONAafterlegalcutover?

ImmediatelyafterLCO,theONAsystemwillcontinuetobeusedforthesubmissionofapplicationsandnotifications,withsomeminorchangestoreflectthatitwillbeownedbytheFCA,butaccessibletobothregulators.

Willfirmsstillberequiredtodisclosewhotheyareauthorisedandregulatedby?

Yes.Wehaveconsultedonrevisedwordingofthisstatusdisclosureandaproposedtransitional,aspartofconsultationonHandbookchanges.Thepapercanbeaccessedhere:

http://www.fsa.gov.uk/library/policy/cp/2012/12-24.shtml

WillIberequiredtoresubmitanyinformationornotificationsthataresubmittedjustbeforeLCO?

No.Anysubmissionsor informationreceivedpriortoLCOwillnotneedtoberesubmitted.

CP13/3outlinesHandbooktransitionalprovisionsrelatedtoinformationsubmissions.

HowwillIknowwheretosendinformationornotificationsafterLCO?

Whereinformationornotificationsarerequiredunderarule,theappropriatesubmissiondetailswillbeupdatedinthePRA’srulesoronthePRAwebsite.

CP13/3setsoutmore informationin relation to thetransitionoftimelimitsandnotificationrequirementsintherulebook.

3.Supervision

WhatisthePRA'sapproachtosupervision?

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |25

ThePRA’sapproachto supervisionwasoutlinedinthetwoPRA‘approach’documents– onefordeposit-takersandinvestmentfirms,oneforinsurers– initiallypublishedinOctober2012tofacilitatescrutinyofthePRA’sproposedapproachastheFinancialServicesBillpassedthroughParliament.

Thedocumentsalsosetoutsomekeypolicy materialforfirms.

Wewillpublishupdatedversionsatlegalcutover,andthereafterthedocumentswillactasstandingreferencesforfirmsonthePRA’ssupervisoryapproach,keyPRApolicies,andthePRA’sstatutoryobjectives.

WhenwillmylastFSAriskassessmentvisitbe?

WearecurrentlyplanningthetransitionfromtheFSA’sriskassessmentframeworktothePRAframework.

Firmswillbenotifiedofhowtheirsupervisionwillbetransitioned to‘continuousassessment’fromtheRegulatoryPeriodpreviously indicatedinanARROWorSupervisoryAssessmentletter.

ThenewSupervisoryAssessmentFrameworkwillbeacontinuousassessmentmodel,focusingonjudgementsaboutkeyriskstothePRA’sobjectives.

FormoredetailrefertotheApproachDocuments.

WhenwillIknowwhichcategorymyfirmfallsinto?

AcorepartofthePRA’sworkwillbetoassessthesignificanceofafirmtoitsobjectives.

Withthisinmindwehavedividedallfirmsintofive‘categories’ofimpact.

BeforeLCOwewillwritetofirmsnotifyingthemoftheir categorisation.

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |26

WillmyfirmstillberequiredtocomplywithFSARiskMitigationProgramme(RMP)items?WhatwillhappentoRMP?

WehavestreamlinedthenumberofactionsintheRMP andsplitthemintoconductandprudentialactions.

YoursupervisorwillhavecommunicatedwithyourfirmtoconfirmtheoutstandingRMP actions,andyourfirmisaccountable to therelevantregulatorfortheirresolution.

WhowillbemyPRAsupervisor?

Oneofthemajorchangeswemadein2012wastoestablishprudentialandconductsupervisionteamsfordualregulatedfirms.

YoushouldnowbeawareofyourPRAsupervisor.

IfyouhavenotbeenallocatedasupervisoryoushouldcontinuetocontactusthroughtheFSAContactCentre.

AtLCOthePRAwillhaveits ownFirmEnquires,contactdetailswillbe:Telephonenumber02034617000

[email protected]

[email protected]pply?

BoththeindividualcapitalguidanceandindividualliquidityguidanceissuedbytheFSAtoPRA-regulatedfirmswillcontinuetoapply.

HowwillEuropeanandotherpolicyinitiativessuchasSolvencyIIandCRDIVaffectthePRA’ssupervisionmodel?

Informationabouthow theinteractionofsuchinitiativeswillaffect thePRA’sapproachwillbemadeavailableaspartoftheimplementationofthesepolicies.

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |27

Policymaterial

HowwillthePRAissuepolicymaterialafterLCO?

ThePRAApproachDocumentssetoutthatthePRAwillestablishandmaintainpublishedpolicymaterialwhichisconsistentwithitsobjectives,clearinintent,straightforwardinpresentationandasconciseaspossible.

AssetoutinourDecemberletter,onlyalimited amountofFSAnonHandbookguidancewillbetransferredtothePRA.

In addition,theletteraccompanyingtheseFAQssetsoutindetailourapproachtoFSA IndividualGuidanceandtheactionrequiredbyfirms.

Feesandcosts

WillthecurrentfeestructurebeadoptedbythePRA?

Firm’scurrentfeeswillseethemthroughthisfeeperiod.ForthefirstfeeyearunderthePRA(expectedtobe2013/14)thePRAfeesstructurewillbebasedonadaptingthecurrentstructure,makingonly thenecessarychangestoaccommodatedual-regulation.

Theseproposedchangesareinthefeespolicy ConsultationPaper(CP12/28)

http://www.fsa.gov.uk/static/pubs/cp/cp12-28.pdf

Howwillfeesbesetnextyear?

ForthefirstyearunderthePRA(expectedtobe2013/14)thePRAfeeswillbeset to recovertheannualfundingrequirementitneedsto meetitsstatutoryobjectives.

ThisfundingrequirementandthefeeratestorecoverwillbeincludedinthePRAfeesratesConsultationPaper(CP)expectedtobepublishedinApril2013.

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |28

HowiscreatingthePRAgoingtobepaidfor?

ThefeesthatwechargefirmsfundtheFSAandthetransitionworkthatwearedoingforthenewregulator.

Wehavesetouttheregulatoryreformcostsinthisyear’sbusinessplan.

TheActmakesprovisionforthePRAtorecover,fromtheindustry,theregulatoryreformtransitioncostsoftheFSAandtheBankofEngland.

6.Co-ordinationwiththeFinancialConductAuthority

OnwhatbasiswilltheFinancialConductAuthority(FCA)andthePrudentialRegulationAuthority(PRA)worktogether?

ThedraftMemorandumofUnderstanding(MoU)betweentheFCAandthePRAsetsoutahighlevelframeworkforhow thetwo regulatorswillworktogetherwithinthenewregulatorysystemprovidedforbytheAct.

Itwillbevitalthatthetwo authoritiespursuetheir ownmandates,respectingtheUK’sTwinPeakssupervisorysystem.

Butitwillalsobeessentialthattheycoordinate activitiesinsomeareas,andcooperateinothers.

TheMoUsetsoutthesearrangementstohelpensuretheyareeffectiveandefficient.

TherewillalsobeaseparateMoUcoveringthespecific issuesraisedbythejointregulationofwith-profitsinsurancecontracts.

BoththeFCAandPRAarevisitingusnextyear,howdoyouintendtoseparatethetwoareas?

TheFCAandPRAaretwo differentregulatorslookingatdifferentaspectsofthebusiness,althoughthereisarequirement to shareinformation.DetailoftheFCAandthePRA’sassessmentsandexpectationsoffirmsaresetoutintherespectiveApproachDocuments

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

  • P age |29

  • Current&forthcomingpublications

  • Thereareavarietyofpublicationsthatfirmsshouldbeawareof,including:

    • Banking-TheBankofEngland,PrudentialRegulationAuthorityapproachdocumenttobankingsupervision

  • http://www.fsa.gov.uk/static/pubs/other/pra-approach-banking.pdf

    • Insurance -TheBankofEngland,PrudentialRegulationAuthorityapproachdocumenttoinsurancesupervision

  • http://www.fsa.gov.uk/static/pubs/other/pra-approach-banking.pdf

    • DesignationofinvestmentfirmsbythePRA-thisdocumentsetsouthowthePRAwillexercisethepowersthatwillbeconferredunderFSMA2000,Order201(thedraftOrder).

  • http://www.fsa.gov.uk/static/pubs/other/designation.pdf

  • DraftMemorandaofUnderstanding(MoU)

    • DraftMoUbetweentheFCAandthePRAhttp://www.fsa.gov.uk/static/pubs/mou/fca_pra.pdf

    • DraftWith-ProfitsMoUbetweentheFCAandthePRA

  • http://www.fsa.gov.uk/static/pubs/mou/draft-with-profits.pdf

    • DraftMoUbetweenthePRAandtheFSCShttp://www.fsa.gov.uk/static/pubs/mou/fca_pra.pdf

    • DraftMoUbetweentheHMT,Bank,PRAandFCAoninternationalorganisations

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |30

http://www.hm-treasury.gov.uk/d/fin_fs_bill_mou_international_organisations_jan2012.pdf

-MoUbetweenHMT,Bank(includingthePRA)onfinancialcrisis management

http://www.hm-treasury.gov.uk/d/fin_fs_bill_mou_financial_crisis_management_jan2012.pdf

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |31

SemiannualMonetaryPolicyReporttotheCongress

SpeechbyMrBenSBernanke,ChairmanoftheBoard ofGovernorsoftheFederalReserveSystem,beforetheCommitteeonBanking,Housing,andUrbanAffairs,USSenate,WashingtonDC

***

ChairmanJohnson,RankingMemberCrapo,and othermembersoftheCommittee,IampleasedtopresenttheFederalReserve’ssemiannualMonetaryPolicy Report.

Iwillbeginwithashortsummaryofcurrenteconomicconditionsandthendiscuss aspectsofmonetaryandfiscalpolicy.

Currenteconomicconditions

SinceIlastreportedtothisCommitteeinmid-2012,economicactivityintheUnitedStateshascontinuedtoexpandatamoderateifsomewhatunevenpace.

In particular,realgrossdomesticproduct(GDP)isestimatedto haverisenatanannualrateofabout3percentinthethirdquarterbut tohavebeenessentiallyflatinthefourthquarter.

ThepauseinrealGDP growthlastquarterdoesnotappeartoreflectastalling-outoftherecovery.

Rather,economic activitywastemporarilyrestrainedbyweather-relateddisruptionsandbytransitorydeclinesinafewvolatilecategoriesofspending,evenasdemandbyU.S.householdsandbusinessescontinuedtoexpand.

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |32

Availableinformationsuggeststhateconomicgrowthhaspickedupagainthisyear.

Consistentwiththemoderatepaceofeconomicgrowth,conditionsinthelabormarkethavebeenimprovinggradually.

SinceJuly,nonfarmpayrollemploymenthasincreasedby175,000jobspermonth onaverage,andtheunemploymentratedeclined0.3percentagepointto7.9percentoverthesameperiod.

Cumulatively,private-sectorpayrollshavenowgrownbyabout6.1millionjobssincetheirlowpointinearly2010,andtheunemploymentratehasfallenabitmorethan2percentagepointssinceits cyclicalpeak inlate2009.

Despitethesegains,however,thejobmarketremainsgenerallyweak,withtheunemploymentratewellaboveitslonger-runnormallevel.

About4.7millionoftheunemployedhavebeenwithoutajobforsixmonthsormore,andmillionsmorewouldlike full-timeemploymentbutareable to findonlypart-timework.

Highunemploymenthassubstantialcosts,includingnotonlythehardshipfacedby theunemployedandtheirfamilies,butalsotheharmdone tothevitalityandproductivepotentialofoureconomyasawhole.

Lengthyperiodsofunemploymentandunderemploymentcanerodeworkers'skillsandattachment tothelaborforceorpreventyoungpeoplefromgainingskillsandexperiencein thefirstplace– developmentsthatcouldsignificantlyreducetheirproductivityandearningsinthelongerterm.

Thelossofoutputandearningsassociatedwithhighunemploymentalsoreducesgovernmentrevenuesandincreasesspending,therebyleadingtolargerdeficitsandhigherlevelsofdebt.

Therecentincreaseingasolineprices,whichreflectsbothhighercrudeoilpricesandwiderrefiningmargins,ishittingfamilybudgets.

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |33

However,overallinflationremainslow.

Overthesecondhalfof2012,thepriceindexforpersonalconsumptionexpendituresroseatanannualrateof1-1/2percent,similartotherateofincreaseinthefirsthalfoftheyear.

Measuresoflonger-terminflationexpectationshaveremainedinthenarrow rangesseenoverthepastseveralyears.

Againstthisbackdrop,theFederalOpenMarketCommittee

(FOMC)anticipatesthatinflationoverthemediumtermlikelywillrunatorbelowits2percentobjective.

Monetarypolicy

Withunemploymentwellabovenormallevelsandinflationsubdued,progresstowardtheFederalReserve’smandatedobjectivesofmaximumemploymentandpricestabilityhasrequiredahighlyaccommodativemonetarypolicy.

Undernormalcircumstances,policyaccommodationwouldbeprovidedthroughreductionsintheFOMC’stargetforthefederalfundsrate– theinterestrateonovernightloansbetweenbanks.

However,asthisratehasbeenclosetozerosinceDecember2008,theFederalReservehashadtousealternativepolicytools.

Thesealternative toolshavefallenintotwo categories.

Thefirstis“forwardguidance”regardingtheFOMC’santicipatedpathforthefederalfundsrate.

Sincelonger-terminterestratesreflectmarketexpectationsfor

shorter-termratesovertime,ourguidanceinfluenceslonger-termratesandthussupportsastrongerrecovery.

Theformulationofthisguidancehasevolvedovertime.

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |34

BetweenAugust2011andDecember2012,theCommitteeusedcalendardates to indicatehowlongitexpectedeconomicconditionstowarrantexceptionallylow levelsforthefederalfundsrate.

AtitsDecember2012meeting,theFOMCagreed toshift toprovidingmoreexplicitguidanceonhow itexpectsthepolicy rate to respondtoeconomicdevelopments.

Specifically,theDecemberpostmeetingstatementindicatedthatthecurrentexceptionallylow rangeforthefederalfundsrate“willbeappropriateatleastaslongastheunemploymentrateremainsabove

6-1/2percent,inflationbetweenoneandtwoyearsahead isprojected tobenomorethanahalfpercentagepointabovetheCommittee’s2percentlonger-rungoal,andlonger-terminflationexpectationscontinuetobewellanchored.”

Anadvantageofthenewformulation,relative to thepreviousdate-basedguidance,isthatitallowsmarketparticipantsandthepublicto updatetheirmonetarypolicyexpectationsmoreaccuratelyinresponsetonewinformationabouttheeconomicoutlook.

ThenewguidancealsoservestounderscoretheCommittee’sintentiontomaintainaccommodationaslongasneededtopromoteastrongereconomicrecoverywithstableprices.

Thesecondtypeofnontraditionalpolicy toolemployedbytheFOMCislarge-scalepurchasesoflonger-termsecurities,which,like ourforwardguidance,areintendedtosupporteconomicgrowthbyputtingdownwardpressureonlonger-terminterestrates.

TheFederalReservehas engagedinseveralroundsofsuchpurchasessincelate2008.

LastSeptembertheFOMCannouncedthatitwouldpurchaseagencymortgage-backedsecuritiesatapaceof$40billionpermonth,andinDecembertheCommitteestatedthat,inaddition,beginninginJanuaryitwouldpurchaselonger-termTreasurysecuritiesataninitialpaceof$45billionpermonth.

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |35

Theseadditionalpurchasesoflonger-termTreasurysecuritiesreplacethepurchaseswewereconductingunderournow-completedmaturityextensionprogram,whichlengthenedthematurityofoursecuritiesportfoliowithoutincreasingitssize.

TheFOMChasindicatedthatitwillcontinuepurchasesuntilitobservesasubstantialimprovementintheoutlookforthelabormarketinacontextofpricestability.

TheCommitteealsostatedthatindeterminingthesize,pace,andcompositionofitsassetpurchases,itwilltakeappropriate accountoftheirlikelyefficacyandcosts.

In otherwords,aswithallofitspolicydecisions,theCommitteecontinues to assessitsprogramofassetpurchaseswithinacost-benefitframework.

In thecurrenteconomicenvironment,thebenefitsofassetpurchases,andofpolicy accommodationmoregenerally,areclear:

Monetarypolicyisprovidingimportantsupporttotherecoverywhilekeepinginflationclose to theFOMC’s2percentobjective.

Notably,keepinglonger-terminterestrateslowhashelpedsparkrecoveryinthehousingmarketandledtoincreasedsalesandproduction ofautomobilesandotherdurablegoods.

Byraisingemploymentandhouseholdwealth– forexample,through higherhomeprices– thesedevelopmentshaveinturnsupportedconsumersentimentandspending.

Highlyaccommodativemonetarypolicyalsohasseveralpotentialcostsandrisks,whichtheCommitteeismonitoringclosely.

Forexample,iffurtherexpansionoftheFederalReserve’sbalancesheetweretounderminepublicconfidenceinourabilitytoexitsmoothlyfromouraccommodativepoliciesattheappropriatetime,inflation

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |36

expectationscouldrise,puttingtheFOMC’sprice-stabilityobjectiveat risk.

However,theCommitteeremainsconfidentthatithasthetoolsnecessary totightenmonetarypolicy whenthetimecomes todoso.

AsInoted,inflationiscurrentlysubdued,andinflationexpectationsappearwellanchored;neithertheFOMCnorprivateforecastersareprojectingthedevelopmentofsignificantinflationpressures.

AnotherpotentialcostthattheCommitteetakesveryseriouslyisthepossibilitythatverylowinterestrates,ifmaintainedforaconsiderabletime,couldimpairfinancialstability.

Forexample,portfoliomanagersdissatisfiedwithlowreturnsmay“reachforyield”bytakingonmorecreditrisk,durationrisk,orleverage.

Ontheotherhand,somerisk-taking– suchaswhenanentrepreneurtakes outaloan to startanewbusinessoranexistingfirmexpandscapacity– isanecessaryelementofahealthyeconomicrecovery.

Moreover,althoughaccommodativemonetarypoliciesmayincreasecertaintypesofrisk-taking,inthepresentcircumstancestheyalsoserveinsomewaystoreduceriskinthesystem,mostimportantlybystrengtheningtheoveralleconomy,butalsobyencouragingfirmstorely moreonlongertermfunding,andbyreducingdebtservicecostsforhouseholdsandbusinesses.

In any case,theFederalReserveisrespondingactivelytofinancialstabilityconcernsthroughsubstantiallyexpandedmonitoringofemergingrisksinthefinancialsystem,anapproach tothesupervisionoffinancialfirmsthattakes amoresystemicperspective,andtheongoingimplementationofreformstomakethefinancialsystemmoretransparentandresilient.

Althoughalongperiodoflow ratescouldencourageexcessiverisk-taking,andcontinuedcloseattention to suchdevelopmentsis

certainlywarranted,to thispointwedonotseethepotentialcostsofthe

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |37

increasedrisk-taking in somefinancialmarketsasoutweighingthebenefitsofpromotingastrongereconomicrecoveryandmore-rapidjobcreation.

AnotheraspectoftheFederalReserve’spoliciesthathasbeendiscussedistheirimplicationsforthefederalbudget.

TheFederalReserveearnssubstantialinterestontheassetsitholdsinitsportfolio,and,otherthantheamountneededtofundourcostofoperations,all netincomeisremittedtotheTreasury.

WiththeexpansionoftheFederalReserve’sbalancesheet,yearlyremittanceshaveroughlytripledinrecentyears,withpaymentstotheTreasurytotalingapproximately$290billionbetween2009and2012.

However,iftheeconomycontinuestostrengthen,asweanticipate,and policy accommodationis accordinglyreduced,theseremittanceswouldlikelydeclineincomingyears.

FederalReserveanalysisshowsthatremittancestotheTreasurycouldbequitelowforatimeinsomescenarios,particularlyifinterestratesweretorisequickly.

However,eveninsuchscenarios,itishighlylikelythataverageannualremittancesovertheperiodaffectedbytheFederalReserve’spurchaseswillremainhigherthanthepre-crisisnorm,perhapssubstantiallyso.

Moreover,totheextentthatmonetarypolicy promotesgrowthandjobcreation,theresultingreductioninthefederaldeficitwoulddwarfanyvariationintheFederalReserve’sremittances to theTreasury.

Thoughtsonfiscalpolicy

Althoughmonetarypolicy isworkingtopromoteamorerobustrecovery,itcannotcarrytheentireburdenofensuringaspeedierreturn toeconomichealth.

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |38

Theeconomy’sperformancebothovertheneartermandinthelongerrunwilldependimportantlyonthecourseoffiscalpolicy.

ThechallengefortheCongressandtheAdministrationistoputthefederalbudgetonasustainablelong-runpaththatpromoteseconomicgrowthandstabilitywithoutunnecessarilyimpedingthecurrentrecovery.

Significantprogresshasbeenmaderecentlytowardreducingthefederalbudgetdeficitoverthenextfewyears.

TheprojectionsreleasedearlierthismonthbytheCongressionalBudget Office(CBO)indicatethat,undercurrentlaw,thefederaldeficitwillnarrowfrom7percentofGDPlastyearto2-1/2percentinfiscalyear2015.

Asaresult,thefederal debt heldbythepublic(includingthatheld bytheFederalReserve)isprojectedtoremainroughly75percentofGDPthroughmuchofthecurrentdecade.

However,asubstantialportionoftherecentprogressinloweringthedeficithasbeenconcentratedinnear-termbudget changes,which,takentogether,couldcreateasignificantheadwindfortheeconomicrecovery.

TheCBOestimatesthatdeficit-reductionpoliciesincurrentlawwillslowthepaceofrealGDP growthbyabout1-1/2percentagepointsthisyear,relativetowhatitwouldhavebeenotherwise.

AsignificantportionofthiseffectisrelatedtotheautomaticspendingsequestrationthatisscheduledtobeginonMarch1,which,accordingtotheCBO’sestimates,willcontributeabout0.6percentagepointtothefiscaldragoneconomicgrowththisyear.

Giventhestill-moderateunderlyingpaceofeconomicgrowth,thisadditionalnear-termburdenontherecoveryissignificant.

Moreover,besideshavingadverseeffectsonjobsandincomes,aslower recoverywouldleadtolessactualdeficitreductionintheshortrunforanygivensetoffiscalactions.

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |39

Atthesametime,anddespiteprogressinreducingnear-termbudgetdeficits,thedifficultprocessofaddressinglonger-termfiscalimbalanceshasonlybegun.

Indeed,theCBOprojectsthatthefederaldeficitanddebtasapercentageofGDP willbeginrisingagaininthelatterpartofthisdecade,reflectinginlargeparttheagingofthepopulationandfast-risinghealth-carecosts.

Topromoteeconomicgrowthinthelongerterm,and topreserveeconomicandfinancialstability,fiscalpolicymakerswillhave to putthefederalbudgetonasustainablelong-runpaththatfirststabilizestheratiooffederaldebttoGDP and,giventhecurrentelevatedlevelofdebt,eventuallyplacesthatratioonadownwardtrajectory.

Between1960andtheonsetofthefinancialcrisis,federaldebt averagedlessthan40percentofGDP.

Thisrelativelylow levelofdebtprovidedthenationmuch-neededflexibilitytomeettheeconomicchallengesofthepastfewyears.

ReplenishingthisfiscalcapacitywillgivefutureCongressesandAdministrationsgreaterscopetodealwithunforeseenevents.

Toaddressboththenear-andlonger-termissues,theCongressandtheAdministrationshouldconsiderreplacingthesharp,frontloaded spendingcutsrequiredby thesequestrationwithpoliciesthatreducethefederaldeficitmoregraduallyintheneartermbutmoresubstantiallyinthelongerrun.

Suchanapproachcouldlessenthenear-termfiscalheadwindsfacingtherecoverywhilemoreeffectivelyaddressingthelonger-termimbalancesinthefederalbudget.

Thesizesofdeficitsanddebtmatter,ofcourse,butnotalltaxandspendingprogramsarecreatedequalwithrespect to theireffectsontheeconomy.

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |40

Tothegreatestextentpossible,intheireffortsto achievesoundpublicfinances,fiscalpolicymakersshouldnotlosesightoftheneedforfederaltaxandspendingpoliciesthatincreaseincentives to workandsave,encourageinvestmentsinworkforceskills,advanceprivatecapitalformation,promoteresearchanddevelopment,andprovidenecessaryandproductivepublicinfrastructure.

Althougheconomicgrowthalone cannoteliminatefederalbudgetimbalances,ineithertheshortorlongerterm,amorerapidlyexpandingeconomicpiewilleasethedifficultchoicesweface.

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |41

WayneByres,SecretaryGeneralBaselCommitteeonBankingSupervision

SIMPLICITY,RISKSENSITIVITYANDCOMPARABILITY:THEREGULATORYBALANCINGACT

BCBS-EMEAP-FSIHigh-LevelMeeting, Seoul,Korea

BeforeIbeginmyremarkstoday,Iwouldlike to thanktheFSIandEMEAP foronceagainorganisingyetanotherexcellenteventintheseriesofHigh-LevelMeetingsinAsia.

PriortotakingupmycurrentroleinBasel,IattendedtheseeventsasanAustralianbanksupervisor,andalwaysfoundthemtobevaluableopportunitiesfortheexchangeofideasandviewsbetweentheregion’sseniorregulatorsandindustryrepresentatives.

AlthoughIamnowbasedinanotherpartoftheworld,Iamveryhappytobeabletocontinuetoparticipateandcontributetothesediscussions.

IwouldalsoliketoacknowledgethattheAsianregionleadstheworldinitsimplementationofBaselIII.

Theregionhasbenefitedfromthedevelopmentofstrongbankingsystemssupportedbystrongregulatoryregimes.

Furthermore,manyofyouhaverecognisedBaselIIIasaminimum,and have adoptedlocalpracticesthatimposeadditionalrequirements todealwithlocalrisks.

Theresultishealthybankingsystemsthatarewellequippedtosupporteconomicgrowth,notleastbysteppingintothegapcreatedbytheconstraintsfacedbymanybanks in otherpartsoftheworld.

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

  • P age |42

  • Findingtherightbalance

  • Iamsurethatmanyofyouknow thestoryofGoldilocksandthethreebears.

  • In it,Goldilocksexploredthebears’house,testingtheporridge,thechairsandthebedsuntilshefoundthingsthatshethoughtwere“justright”.

  • WhenItookupmyrole inBasel,afriendsuggestedIhada“Goldilocks”job.

  • Bythishemeantthatmytaskwas to takearangeofcompetingobjectives,andfindsomemiddlegroundthatwas“justright”.

  • In aninternationalpolicymakingcontext,thatimpliespoliciesthatare:

  • comprehensive,yetsimple;

  • strong,butnotburdensome;

  • risk-based,yeteasy to understandandcompare;

  • flexibleandadaptable,yetconsistentlyapplied;

  • suitablefornormaltimes,butfoundedonthelessonsfromcrises;

  • builtonconsensus,butalsoonthebroadestpossibleengagement;and

  • utilisingappropriatelytherelativestrengthsofbothregulation(rules)andsupervision(oversight).

  • Withsuchamultidimensionalsetoftrade-offs,findingtheoptimalpointforanygivensetofregulatoryproposalsisinevitablyverydifficult.

  • In thecaseofBaselIII,theCommitteesoughtasuitableminimumamountofcapitalthatwas“justright”–notsolittlethatthefinancialsystemremainedsusceptible totheweaknessesrevealedin2007–08,but

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

  • P age |43

  • notsomuchthatbanks couldnotperformtheirimportanteconomicfunctions.

  • TheCommitteealsoneededtoimprovethewaythattheadequacyofcapitalwasmeasuredsothatitappropriatelyrecognisesthemateriallydifferentmagnitudesofriskwithinindividualbankbalancesheets,butat thesametimeprovidesanoverallmeasureofsoundnessthatinvestorscan compareacrossbanks.

  • And,recognisingthattheBaselframeworkistheglobalstandardforbankcapital,theCommitteeneededsomethingthatwassuitableforinternationallyactivebanks– ourcoreconstituency– butcouldalsobeappliedmorebroadly.

  • Capitalrequirements–adequateandcomparable

  • Regulatory capitalrequirementsdomanythings,butattheirhearttheymust achievetwo fundamentalobjectives:

  • ensurebanks haveanadequatelevelofcapital(ierelative totheirriskprofile);and

  • provideameasureofcapitalthatiscomparableovertimeandbetween banks.

  • Thefirstoftheseobjectives–adequacy–isanobviousgoal,butfailuretoachievethesecond–comparability–underminesconfidencethatthefirstisbeingachieved.

  • Sincewearedealingwithinstitutionsthathaveabusinessmodelfoundedonconfidence,theimportanceofcomparabilityshouldnotbeunderestimated.

  • Duringtherecentcrisis,questionsbegantobeaskedaboutthereliabilityofrisk-basedcapitalratiosasanindicatorofbankhealth.

  • In myview,therewerethreefactorswhichservedtoundermine

confidenceintherisk-basedmeasureofcapital:

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

  • P age |44

  • theregulatory capitalbaseincludedcapitalinstrumentsthatwerenottrulyloss-absorbing– financialmarketsincreasinglydiscountedthese;

  • theregulatory capitalbaseinsomecountriesfilteredout(ieignored)someunrealisedlossesthatbankshadincurred– financialmarketswantedtoaccountforthese;and

  • risk-weightedassetcalculationshadbecomecomplexandopaque,makingthemdifficultforexternal investors to understand– financialmarketsbecameconfusedbythese.

  • In otherwords,questionswerelegitimatelybeingasked aboutwhethercapitalwasbothadequateandcomparable.

  • Thequestionsrelated toboththenumeratorandthedenominatoroftheregulatorymeasure.

  • ThereformscontainedinBaselIIIlargelydealwiththesefirsttwo items.

  • BaselIIIraisestheminimumquantityoftrulyloss-absorbingcapitalbymany multiples.

  • Italsoimprovesthequalityofthat capitalbyeliminatingquasi-capitalinstruments,andcertainotherassets,thatprovedoflimitedvalueintimesofstress(indeed,investorsin someoftheseinstruments,ratherthan providingasourceofsupport,hadtobebailedoutthemselves!).

  • Inaddition,byremovingprudentialfiltersandforcingbankstorecogniseunrealisedlossesonfairvalueassets,capitalratioswillbemorecrediblebybetterreflectingthetrue capacityofabanktoabsorbfurtherlossesatanygivenpointintime.

  • Havingsubstantiallysimplifiedandimprovedthenumeratorofthecapitalratio,theCommittee’sattentionisnowturningto concernsabouttherisk-weightingframework:

  • itissaidbysometobetoocomplexanddifficulttounderstand,andthatsomethingsimpler(indeed,somesaysimple)wouldbebetter;and

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

  • P age |45

  • itissaidbysometoprovidetoomuchflexibilityonhow riskshouldbemeasured,makingitdifficulttocomparereported capitalratios.

  • Theseconcernsarecloselyrelated– althoughthatdoesnotmeanlesscomplexityandlessflexibilityalwayslead to morecomparability.

  • Complexityandflexibility

  • Internationalbanksarecomplexorganisations.

  • Today,noteven“traditional”linesofbusiness,suchasretailandcommercialbanking,aresimplebusinessesto run,iftheyeverwere.

  • Capturingtherisk profileofthesebusinessesin asinglemeasureoffinancialsoundnessisextremelydifficult.

  • Thecomplexityinthe capitalframeworklargelycomesfromthedecisiontoallowbankstousetheirowninternalmodelstomeasurerisk,themajorinnovationcontainedin BaselII.

  • Althoughinternalmodelshadalreadybeenpartoftheregulatoryframeworkforadecade,thiswasonlyforarelativelysmallareaofactivity.

  • BaselIIprovidedthe capacitytodothisforthebiggestrisk mostbanksface– thecreditriskwithintheirloan books.

  • While,ofcourse,banks wererequired tojumpalargenumberofhurdlesinrelationtomodelspecificationandvalidationbeforetheycouldusetheirownmodelsthenewframeworkdidmovebanksawayfromthe“onemodelfitsall”approachthatwasatthecoreofBaselI.

  • Theprimaryobjectivebehindthisimportantstepwas to betteraligncapitalwithunderlyingrisks.

  • Regulatoryrequirementscreateincentives;BaselIIattempted to alignthoseincentivesmuchmorecloselywitheconomicrealitythanwasthecaseinBaselI.

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |46

In thisrespect,BaselII’sgoalcan be thoughtofaspromoting bothcapitaladequacyand capitalefficiency.

Properlyapplied,banks’capitalrequirementscouldbemuchmoreresponsivetotheunderlyingriskstheyweretaking;low-riskbankswould benefitbynotbeingburdenedwithunnecessary capitalrequirements,andthosewithhigherriskprofileswouldneedtoholdadditionalcapitalcommensuratewiththeriskstheyareexposedto.

Toputitanotherway,BaselIIsoughttobetterdistinguishbetweenhigh-andlow-riskbanks,anditrequiredhigher-riskbankstooperatewithlowerlevelsofleveragethantheirlow-riskpeers.

Butasanyoneknowswhohasbuilt,supervisedorjusttriedtounderstandinternalriskmodelswithinabank,theyarenotsimple.

Theyare,ofcourse,asimplificationoftherealworld,butthatisnotmuch ofaconsolationsincetherealworldisextremelycomplex.

Thedifficultyisthat,ifmodelsareoversimplified,theydonotproduceriskmeasuresthatreflectreality.

Butifmadetoocomplex,hardlyanyonecan saywhethertheyproducerealisticrisk measuresornot!

Andbyallowingadegreeofflexibilityforbankstomodelrisksastheyseethem,wemakeitmoredifficult to achievecomparability.Gettingit“justright”thereforerequirescarefuljudgement.

Comparability

BaselIIwasundoubtedlyamajorimprovementintheconceptualsoundnessofthe capitalmeasurementprocess.

Italsocreatedimportantincentivesforbanks torefineandimprovetheir riskmodels,and toavoidhighcorrelationsbetweenrisk managementmethodswhichcouldhavedetrimentalimplicationsforfinancialstability.

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

  • P age |47

  • Thesebenefitsshouldnotbelightlydismissed,buttherearenowconcernsthatthewayin whichmodelsarecurrentlyusedhinderscomparability,sinceusersofinformationcannotunderstandtheimpact thatmodellingchoiceshaveontheresultingcapitalrequirements.

  • TheCommitteethereforeneedstoensurethatthisadditionalrisksensitivityisnot,asaresultofitscomplexity,underminingtheoverallregimebymakingcomparisontoodifficultforallbutsupervisoryexperts(andmaybeevenfortheexperts too!).

  • Butbeforewerevertto asimplermeasurementmethodology,weneedtobesurethatitwouldreallybemorecomparable.

  • Comparabilityhastwo basicdimensions:

  • betweenbanks atagivenpointintime;and

  • foragivenbank,overaperiodoftime.

  • Anystandardisedapproachwillnecessarilybeblunt.

  • Itwillbesimplertounderstandthananinternalmodel,butthatisbecauseitwillnecessarilymakemanyassumptions.

  • Theseassumptionswillmean risk canbeincorrectlymeasured.

  • Theywillalsomeanthat changesinabank’sriskprofilecangoundetected.

  • Taketheexampleoftheleverageratio.

  • Itwillnotdistinguishbetweentwosimilarlysizedbanksevenifoneholdsalargeportfolioofhigh-qualitysovereignexposures,andtheotheralargeportfolioofhighlyleveragedloansforpropertydevelopment.

  • Norwillitshow anyresponseifabankswitchesitsbalancesheetfromoneofthoseportfolios to theotherovertime.

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |48

Aleverageratiomeasuresexactlywhatitsays–thedegreeofleverageonabank’sbalancesheet.

Forthispurpose,itisperfectlysuited.

Thatdoesnotnecessarilymakethemostusefulmeasureforjudgingtheadequacyofabank’s capitalbase.

Risk-basedregimesseektorespond tothisproblembyintroducinggreaterrisk sensitivity.

ButevenwiththestandardisedapproachesintheBaselframework,therearelimits to whatcanbeachieved.

Therisk-basedframework wouldrespond,viachangesinthereportedcapitalratio,tothesituationsIhavementionedabove.

Itwouldnot, however,necessarilyrespondatamoredetailedlevel– for example,itdoesnotmeaningfullydistinguishbetweenportfoliosoflowloan-to-valueratio(LVR),fulldocumentation,amortisingmortgageloans,andhighLVR,interest-only,self-certifiedmortgageloans.

Onlywithadditionalcomplexity canwetakegreateraccountofthemultifacetedriskswithinabank’sloanbook.

However,astheframeworkbecomesmoreandmorerisk-sensitiveinjudgingcapitaladequacy,itmaynolongerbethebestmeansofmonitoring,comparingandcontrollingoverallleverage.

Forthesereasons,BaselIIIutilisesbotharisk-based capitalratioandanon-risk-basedleverageratiotoprovidecomplementarymeasuresofcapitaladequacyandleverage.

Bothratiosserve their individualpurposes:oneameasureofcapitalrelativetorisk;theotherameasureofoverallleverage.

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |49

Thetwomeasurescanalsobecomparedwitheach other,providingadditionalinformationthatwouldnotbereadilyavailablefrom eithermeasureonits own.

Improvingcomparability

Theinclusionoftheleverageratioin BaselIIIdoesnotremovetheneedtofurtherreviewthecomparabilityoftherisk-basedregime.

ToborrowfromWinstonChurchill,“howeverbeautifulthestrategy,youshouldoccasionallylookattheresults.”

TheCommitteehasbeenconsciousofthisissueforsometime,andoverthepastyearithasbeenexploringtheissuefrombothabottom-upandtop-downperspective.

Withregardtotheconcernsaboutthecomparabilityofmodel-basedrisk-weightedassetcalculations,theCommitteehasestablishedtwoworkstreams;onetolookattheconsistencyofcalculationsinrelation tothetradingbookand anotherparallelstreamforthebankingbook.

Thisworkhasexaminedpubliclyavailabledataforaselectionoflargebanksacrossmultiplejurisdictions,aswellasaskinganumberofbankstoprovideriskmeasuresforaseriesofhypotheticalportfolios.

Theoutcomeofthiswork hasbeensupplementedwithaseriesofmeetingswithindividualbanksbyaninternationalteamofsupervisoryexperts,withtheaimofprovidinggreaterunderstandingofthereasonsbehinddifferentresults.

ThetradingbookreviewwaspublishedattheendofJanuary,andIwillfocusmycommentsonittoday.

Theresultsofthebankingbookworkwillbereleasedinthecomingmonths.

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

  • P age |50

  • Thetradingbookreviewfoundthatitisreasonablefor investors tocomplainthattheyfindcurrentriskdisclosuresopaque–theCommittee’sanalysisfoundthesamething!

  • Currentdisclosureswerenotadequateforexternalparties tobeabletojudgewhethermovementsinmodelledrisk-weightedassetsovertime,orbetweenbanks,weredue tounderlyingdifferencesinrisk,orforotherreasons.

  • Thatthereisvariabilityinresultsbetweenbanks shouldnotsurprise.

  • Itisinevitable,andindeeddesirable, in anymodel-basedframeworkthat therebesome.

  • Whatwaspossiblysurprising,however,wasthatregulatoryandsupervisorydecisionswereproducinganon-trivialproportionofthevariability:contrarytotheinitialhypothesisofmany,itdidnotarisesolelyfromgivingbanks too muchfreedomtomodelrisk.

  • Aroundaquarterofthevariabilitywasduetoonesinglefactor:theuseofsupervisorymultipliers,whichareappliedasanincentiveforbanks toimprovetheirmodelsandrisk managementsystems.

  • Therearetwo otherpointsworthnotingfromthetradingbookanalysis:

  • Thevariabilitydrivenbysupervisors(duetotheuseofmultipliers,orbyrestrictingmodellingchoices)willalmostinvariablyincrease capitalrequirementsrelative to whattheymightotherwisebe.

  • Inotherwords,someofthevariabilityisduetosomebanksbeingheldtoahigherstandardthantheBaselminimumrequires.

  • Thisimprovestheadequacyofcapitalresultingfrominternalmodelsbut,duetothefactthatsomesupervisorydiscretionisnotdisclosed,reducescomparability.

  • Theoutcomesproducedbybankswerebenchmarked to ariskmodelproducedbytheteamofsupervisoryexpertsconductingtheanalysis.

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |51

Theoutputofthismodelwasbroadlyconsistentwiththeaverageoftheresultsbeingproducedbybanks.

Althoughtheanalysisisnecessarilylimitedtothesampleofbanksandby thesimpleportfoliosused,therewasnoevidencetosuggestthatthebanks’modellingeffortssystematicallyunder-estimatedrisk(andhencetheadequacyofcapitalrequirements)acrossthegroupasawhole.

Nonetheless,evenafterallowingforsupervisorydecisions,bankmodellingpracticesweretheprimarydriverofvariability,andthatvariabilitymakescomparabilitymoredifficultto achieve.

Thankfully,theanalysisshowedthatthebulkofthiscouldbeattributedtoarelativelysmallsetofmodellingchoices,givingtheCommitteesomeobviousareastolookatifitdecidesthatvariabilityshouldbereduced.Iwillsaymoreaboutthisshortly.

Inparallelwiththisdetailedanalysis,theCommitteehasappointedataskforcetolookintothequestionofthesimplicityandcomparabilityoftheregulatoryframeworkfroma top-downperspective.

Thistask forcehasnotbeenlookingatspecificissuesofdetail,butinsteadisapproachingtheissuefromamoreconceptualperspective:whatistheoptimaltrade-offbetweensimplicity,risk-sensitivityandcomparability?

Thetaskforcefoundthattherearemanydriversofcomplexityintheregulatoryframework,andthatthegreaterfocusontherisk sensitivityofcapitalmeasuresisjustoneofthem.

Othersincludetheneedtoreflectdevelopmentsin financialmarkets,integratemodernriskmanagementpractices,andrespondtoinnovation.

Nevertheless,thetask forcehashighlightedanumberofareastheCommitteecouldconsiderifitwanted torebalancethecurrentframeworktopromotegreatersimplicity.

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

  • P age |52

  • Gettingthebalance“justright”

  • TheCommitteeisstillconsideringwhat,ifany,changescould tobemade totheregulatoryframeworktoenhancethecomparabilityofrisk-based capitalratios,bringingtogetherthetop-downstrategicthinkingofthetaskforcewiththebottom-upanalysisoftheteamsexaminingtheresultsofinternalmodels.

  • However,thepotentialmeansofenhancingcomparabilityarelikelytofallunderthreebroadthemes:

  • Enhancingdisclosure:Ifcurrentdisclosureisinadequatetoenableinvestors tounderstandchangesinriskprofile,thenitmakessensetoexaminehowdisclosurescanbeimproved.

  • TheCommitteerecentlyestablishedanewWorkingGrouponDisclosure,withaviewtoreconsideringexistingPillar3disclosurerequirements,aswellideasproposedbygroupssuchastheEnhancedDisclosureTaskForce,toseewhetherthey canbeimproved.

  • Thatdoesnotnecessarilymeanwewilladvocateever-increasinglevelsof disclosure;itmaybethat“lessismore”andthatwecanstreamlinedisclosuresandmakethemmoreusefulatthesametime.

  • Makingmodellingmorerobustandconsistent:Tofullystandardiseinternalmodels(ietomakethem“externalmodels”)woulddefeatsomeoftheirpurpose:wewouldjustbeimposingastandardsupervisorymodel onbanks,andtherebyimposingasingleregulatoryjudgmentonthebestwaytomodelrisks.

  • Thus,wewouldendupwithacomplexsystem,butwithoutnecessarilyreapinganyofthebenefitsthatcomefromusinginternalmodels.

  • Theaimofthisworkthereforewouldnotbetoeliminatetheuseofmodelsbut,rather,toreinforceit.

  • Thatis,tomakemodelsmorerobustandtransparent,andtoensurethatimprovedsafeguardsandbackstopsare inplace.

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

  • P age |53

  • Developingsupplementarymeasures:BaselIIIalreadyrequiresbankstodisclosearisk-basedratioandaleverageratio.

  • Followingthisapproach,additionalbenchmarkscouldalsobedisclosed.

  • Forexample,thecurrentreviewofthetradingbookframeworkiscurrentlyconsideringindustryfeedbackonaproposaltorequirebankstodisclose capitalrequirementsusingbothinternalmodelsandthestandardisedapproach.

  • Alloftheseoptionshavecosts,andtheCommitteewillneed to considerthemcarefully.

  • Butthecostsofalackofconfidenceinbankcapitalratiosarelikelytobesubstantial,socostshouldnotbeareason to immediatelydismissanyideasoutofhand.

  • Industryfeedbackonthemeritsofdifferentsolutionswillbewelcome.

  • Concludingremarks

  • In thepost-crisisperiod,wehavesubstantiallystrengthenedtheregulatoryframework.

  • Thisisanimportantinvestmentinthefinancialsystem’sfuture resilience.

  • Whiletherehavebeencomplaints abouttheburdenofreform,manystudiesshowthecost-benefittrade-offstobeoverwhelminglypositive.

  • Muchofthisdebateisnowwindingdown:indeed,manycountries– includinghereinAsia– nowhavetheBaselIIIcapitalreformsin place,andtheirbankingsystemscontinuetoperformwell.

  • Itisimportantwepressaheadtocompletethereformagenda,particularlyastherearesignsthatthebankingindustryisagainsheddingitsinhibitionsinitskeenness totakeadvantageofimprovedmarketconditions.

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |54

BaselIIIsubstantiallyimprovedtheadequacyofminimumcapitalrequirements.

However,thisworkwillbeundonetosomedegreeifcounterpartiesandinvestorslosefaithinthecomparabilityofreportedratios.

Muchofthedebateonthisissueisfocusedontheroleofinternalmodelsintheregulatoryframework:dotheyhelporhinderourunderstandingofbanks’financialsoundness?

Itisstatingtheobvioustosaythatthefaithplacedinmodelshasbeendentedby theeventsoftherecentcrisis.

Revertingto simplermeasures,however,doesnotnecessarilyproducecomparablemeasuresofabank’s capacity to absorbtherisks initsbalancesheet.

Todothiswell,somecomplexityisinevitable;indeed,itcanbejustifiedifitimprovesconfidenceintheadequacyandcomparabilityofcapitalratios.

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |55

ProtectingInvestorsthroughReliableAudits

JeanetteM.Franzel,BoardMember

WayneStateUniversity,GeorgeR.HusbandDistinguishedLectureSeries,Detroit,MI

ItismydistinctpleasuretobeheretodayaspartoftheGeorgeR.HusbandDistinguishedLectureSeries.

ItisimpressivethatformerstudentsandadmirersofGeorgeR.Husbandendowedanaccountingprofessorship,severalannualstudentscholarships,andthisannuallectureseriesinhismemory.

BeforeIgetstarted,ImusttellyouthattheviewsIexpresstodayaremypersonalviewsanddonotnecessarilyreflecttheviewsoftheBoard,anyotherBoardmember,orthestaffofthePCAOB.

Asyouknow,thePCAOBwascreatedbytheSarbanes-OxleyActof2002inresponsetonumerousfailuresoftheprofessiontofulfillitstrustedroleincorporatefinancialreportingandauditingwhennumerousfinancialreportingfraudsandauditingfailures causedacrisisofconfidenceintheintegrityoftheU.S.financialmarkets.

ThecreationofthePCAOBendedmorethan100yearsofself-regulationbythepublicaccountingprofessionintheU.S.,andestablishedtheBoard'sregulatoryframeworkforfirmsthatconductauditsofcompanieswhosesecuritiestradeontheU.S.markets.

Manyothercountriesalsohaverealizedtheneedforeffectiveauditregulationsandhaveformedauditregulatoryregimes.

Someofthesecountrieshaveadoptedauditregulatoryregimesmodeled,atleastinpart,ontheSarbanes-OxleyActandthePCAOB.

TodayIwillprovideanupdateonthebasicmission activitiesofthePCAOBinourfouroversightareas—registration,inspections,

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |56

enforcement,andstandards.Andaspartofthatdiscussion,Iwill detailtheBoard'sprogressintheareasofbroker-dealerauditsandinternationalinspections.

FirmsRegisteredwiththePCAOB

TheSarbanes-OxleyActandPCAOBrulesrequireallU.S.andnon-U.S.accountingfirms toregisterwiththeBoardiftheyprepareorissueauditreportsorplayasubstantialroleinpreparingorissuingauditreportsofissuers,brokersanddealers.

PCAOB-registeredpublicaccountingfirmshavebeengivenanimportantroleinthecapitalmarkets—toprovideassurancetoinvestorsandothersthattheauditedfinancialstatementsfairlypresentthecompanies'orbroker-dealers'financialresultsinconformitywithapplicableaccountinganddisclosurestandardsandrules.Registrationisasignificantoversight areafortheBoard.

Currently,about2,360firmsareregisteredwiththePCAOB,includingabout910non-U.S.firmslocatedin84countries.

NotallPCAOB-registeredfirmsregularlyissueauditreportsforissuers,butweinspectthose—approximately750firms,includingmorethan240non-U.S.firms—thatdo.

Additionally,approximately90registeredfirmsdonotregularlyissueauditreportsforissuers;however,theyreportthattheyplayasubstantialrolein theauditsofissuers.

Together,thesefirmsauditorplayasubstantialroleintheauditsofmorethan9,700U.S.issuercompaniesthathaveapproximately$26.4trillioninmarketcapitalization.

Furthermore,approximately800registeredfirmsreportthattheyauditbrokersanddealers,includingapproximately480thatreportthattheydonotauditissuers.

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |57

Clearly,reliablefinancialstatementsplayakeyrolein thefinancialmarkets,whichareintegraltothesuccessandwell-beingofAmericanhouseholdsandbusinesses,theU.S.economy,andparticipantsandstakeholdersfromaroundtheworld.

Inspection ofPCAOB-RegisteredFirms

Asecondarea ofBoard oversightisinspections.

InPCAOBnomenclature,wehave"annuallyinspectedfirms,"thosethatauditmorethan100issuersandareinspectedeachyear,and"trienniallyinspectedfirms,"whicharethosethatissue100orfewerauditreportseachyearandaresubjecttoinspectionatleasteverythreeyears.

PCAOBalsoinspectscertainfirmsthatauditbroker-dealersundertheBoard'sinterimbroker-dealerinspectionprogram,whichIwilldiscussinmoredetaillater.

During2012,PCAOB inspectedninefirmsthatauditedmorethan100issuersin2011.

Wealsocompleted167domesticfirmtriennialinspectionsand77non-U.S.firmtriennialinspections.

Forannuallyinspectedfirms,thePCAOBgenerallyissuedmostofitscompleted2011inspectionreportsduringthelatterpartof2012,withsomebeingissuedinearly2013.

Thetimingofour inspectionsreportinghasbeenachallenge,andtheBoardiscurrentlyworkingtoimprovethetimelinessofthesereports.

In termsoftrendsinfindings,thenumberofseriousauditperformancedeficiencieswereportedspikedinour2010 inspections,andremained highoverallforthelargefirmsinthe2011inspections.

Commonareaswherewefoundauditdeficienciesincludedauditingrevenuerecognition,auditingfairvalueofhard-to-valuefinancial

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |58

instruments,testingandevaluating internalcontrols,andtheauditor'sassessmentofandresponsetofraudrisk,amongothers.

OnFeb.25,2013,theBoardreleasedareportsummarizingobservationsidentifiedinthe2007through2010inspectionsofU.S.-basedtriennialfirms.

Forthesefirmsinparticular,auditareaswithfrequentinspectionfindingsincludedauditingrelatedpartytransactionsandauditingshare-basedpaymentsandequityfinancinginstruments,amongothers.

Thefindingsareserious,andrepresentdeficienciesthatareofsuchsignificancethatitappearedthatafirm,atthetimeitissueditsauditreport,hadfailed toobtainsufficient,appropriateauditevidencetosupportitsauditopiniononthefinancialstatementsand/ortheopiniononinternalcontroloverfinancialreporting.

Thesefindingsarereportedinthepublicversionoffirms'inspectionreports,whichareavailableontheBoard'swebsite.

Asecondcategoryofinspectionfindingsdealwithcriticismsidentifiedinthefirm'squalitycontrolsystemthat,duetostatutoryrestrictions,arenotinitiallyincludedinthepublicportionofthereport.

Qualitycontrolfindingsfocusonissuesthatmayhavecausedtheauditperformancedeficiencies,aswellas otheraspectsofthefirm'smanagementofitsauditpracticethatcouldnegativelyimpactauditquality.

Someexamplesofareasofspecificconcernregardingqualitycontrolthatappearininspectionreportsincludeproblemsintheareasofprofessionalskepticism,toneatthetopoffirmmanagement,internalinspections,andfirms'qualitycontrol processesrelatedtospecificaspectsofauditing,suchastestingandevaluating internalcontroloverfinancialreporting,fairvalue,and otherareas.

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |59

AstheSarbanes-OxleyActprovides,ifafirmdoesnottakesatisfactoryaction to remediatequalitycontrolcriticismswithin12monthsoftheinspectionreport,thatportionofthereportisalsomadepublic.

Remediationisaveryimportantpartoftheprocess.

Itisthroughtheseactionsthatfirmscorrecttheirqualitycontrolcriticismsanddriveimprovementsinauditquality.

TheBoardencouragesfirmstoinitiateadialoguewiththeBoard'sInspectionsstaffabouthowthefirmintendstoaddressthequalitycontrolissues.

Basedonthetimingoftherelatedremediationperiodsandthefirms'effortsinthoseareas,itisreasonable to expectthatfirmsshouldstarttoachievesignificantimprovementsintheir2013inspectionresultsforthoseareasidentifiedasproblemsduringthe2010and2011inspections.

Ithinkwewillalsoseeimprovementsinsomefirms'2012inspectionreports,whichwillbeissuedthisyear.

Broker-DealerAuditOversightProgram

TheDodd-FrankWallStreetReformandConsumerProtectionActof2010authorizedtheBoard to establishaprogram toinspecttheauditorsofbrokersanddealersthatareregisteredwiththeSecuritiesandExchangeCommission.

CongressdecidedtostrengthentheregulatoryoversightofsecuritiesindustryauditorsaftertherevelationofthePonzischemeoperatedoutofBernardL.MadoffInvestmentSecurities.

ThelawleavestotheBoard,subjecttotheapprovaloftheSEC,importantimplementationdecisionsconcerningthescopeoftheprogramandthefrequencyofinspections,including whethertodifferentiateamongcategoriesofbrokersanddealers,andwhethertoexcludefromtheinspectionprogramany categoriesofauditors.

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |60

Thereareapproximately4,400brokersanddealersthatfiledauditedfinancialstatementswiththeSEC forfiscalperiodsendingduring2011.

TheBoardiscurrentlyconductinganinterimbroker-dealerauditinspectionprogram,whichhasbeeninplaceforabout18months,thatwillhelp usdesignapermanentbroker-dealerauditinspectionprogram.

TheBoardissueditsfirstreportontheinteriminspectionprogramforauditsofSEC-registeredbrokersanddealersonAug.20,2012.

Thereport,whichisavailableonourwebsite,detailsthefindingsfrominspectionsof10auditfirmsandportionsof23auditsofsecuritiesbrokersanddealers.

PCAOBinspectorsidentifieddeficienciesin alloftheauditsinspected.Evenwiththissmallgroupofaudits,theinspectionresultsaredisturbing.Thedeficienciesfellintothreebroad categories:

auditproceduresovercustomerprotectionandnetcapitalrequirements,

auditsofthefinancialstatements,and

auditor independence.

Weinspectedanother43firmsandportionsof60auditsduring2012,andwillissueanotherreportonthoseresultsin 2013.

Unfortunately,wecontinuetofindsignificantissuesinthissecondbatch ofinspections.

TheBoard'sapproachtoestablishinganinspectionprogramforauditsof brokersanddealersisfocusedon

(1)how best topromoteinvestorprotectionand

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |61

(2)how to createanefficientandeffectiveregulatoryschemethatappropriatelyaddressesthediversityofauditsofbroker-dealers,weighingthedifferencesintheirrisk profiles,andthecostsandbenefitsinvolved.

In 2013,wewillbegintoworkonthedesignforapermanentprogramofinspectionsofauditorsofSEC-registeredbrokersanddealers.

Theinteriminspectionprogramwillcontinuebeyond2013,untilrulesforapermanentinspectionprogramtakeeffect.

InternationalInspectionsandOversight

Ourinternational inspectionsandcooperationwithforeignauditregulatorscontinuetotakeonincreasingimportance.

Andwhileweinspectfirmsaroundtheworldthatareaffiliatesofthelargeglobalnetworks,thisisnotjustabig-firmphenomenon.

SmallU.S.auditfirmsareengaged-oftenasasubsidiaryorcomponentauditor-inboththeauditsofforeignprivateissuersfromEurope,Asia,LatinAmerica,Africaandelsewhere,aswellasin auditsofU.S.companiesthatoperateinthesepartsoftheworld.

Inaddition,smallnon-U.S.auditfirmsinAsia,EuropeandelsewhereareregisteredwiththePCAOBbecausetheyauditorwishtoauditcompaniesthathaveissuedsecuritiesintheU.S.

Todate,thePCAOBhasinspectedauditfirmsin40non-U.S.jurisdictions.

During2012,almostone-thirdofthetriennialinspectionsconductedbyPCAOBinspectionteamswerefornon-U.S.firms(77ofthe244firmsinspected).

Tofacilitatetheseinspections,wehavesignedcooperativeagreementswiththeauditregulatorsin16ofthosenon-U.S.jurisdictions,includingsixintheEuropeanUnion.

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |62

In the otherjurisdictionswhereweinspectbutdonothavecooperativeagreements,wedosobecause thelocalauthoritieshavenoobjectiontoourconductingPCAOB-onlyinspectionsin theirjurisdictions.

Unfortunately,PCAOBiscurrentlyblockedfrominspecting-duetoassertedlegalconflictsorsovereigntyissues -in15jurisdictionsthathaveissuerswhosesecuritiestradeintheU.S.

ThesejurisdictionsincludeChinaandcertaincountriesintheEuropeanUnion.

Whilewehavenotyetreachedcooperativeagreementswithauditregulatorsinthosejurisdictions,wecontinue tonegotiatewiththem.

Ourongoingdifficultieswithinspectingauditworkconductedin China,inparticular,has receivedalotofattentioninthefinancialpressduetothesignificanceoftheChineseeconomyandthenumerousfinancialreportingproblemsthathavesurfacedwithrespecttosomeChinesecompanieslistedontheU.S.markets,amongotherreasons.

In particular,significantproblemshavesurfacedregardingthefinancialstatementsofsomeChinesecompaniesthatwereauditedbyfirmsinChinathatthePCAOBhasbeenblockedfrominspecting.

Thishasgeneratedsignificantconcernintheinvestorcommunity about thequalityoftheauditpracticesandtheaccuracyofpublicdisclosuresofChinesecompaniesaccessingtheU.S.capitalmarkets.

Beginninginthelatterpartof2010,approximately67China-basedissuershavehadtheirauditorresign,and126issuershaveeitherbeendelistedfromU.S.securitiesexchangesor"gonedark"—meaningthattheyarenolongerfilingcurrentreportswiththeSEC.

BillionsofdollarsofmarketcapitalizationofsuchcompanieshavebeenlostinU.S.securitiesmarkets,anditisfairtosaythatallChina-basedcompanieslistedherehavesufferedseriouslossesofbothmarketvalueandinvestorconfidenceasaresultoftheproblemsofothercompanies.

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |63

ThePCAOB'sinabilitytoinspecttheworkofPCAOB-registeredfirmsinChinacontinuestocreateagapingholeininvestorprotection.

Lately, however,wehavebeensomewhatencouragedbysomeincrementalprogressin ournegotiationswiththeChineseauthorities,includinganagreementlastyearonguidelinesthatenabledustosendaninspection teamtoobservepartofaninspectioncarriedoutbytheChineseauditregulator.

Wearecontinuingoureffortstoestablishasetofprotocolsthatwould provideforfurthercross-bordercooperationwithChinainamannerconsistentwithourstatutorymandate.

Ifweareunable to reachagreement,wewillhavetomakesomeimportantdecisionsabouthow best toprotectinvestors.

EnforcementActivitiesInvolvingFirmsandIndividualAuditors

AsfortheBoard'sthirdoversightarea,astrongenforcementfunctionisessentialtotheBoard'sfulfillmentofitsinvestorprotectionmission.

Tothatend,theBoardhasbeendevelopingarobust,activeenforcementprogramthatseekstoidentifypotentialcasesofseriousauditormisconduct, investigatethemthoroughlyandpromptly,andlitigatetheresulting disciplinaryactions.

The overridinggoalis toensurethatauditorswhocommitseriousviolationsofourauditstandardsfaceappropriateandrealremedialordisciplinaryconsequences.

TheDivisionofEnforcementandInvestigationscarriesouttheBoard'sinvestigativeanddisciplinaryauthority.

UndertheSarbanes-OxleyAct,theBoardisauthorizedtoinvestigateauditorconductthatmayviolatethelaws,rules,orstandardswithintheBoard'sjurisdiction.

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |64

TheBoardisfurtherempowered to imposearangeofremedialanddisciplinarysanctionsagainstregisteredaccountingfirmsandassociatedpersonswhoviolatethoselaws,rules,orstandards.

TheEnforcementDivisionfocusesitseffortsonhigh-priorityinvestigationsinvolvingsignificantinvestorprotectionconsiderations.

Itsmattersarisefromanumberofsources,includingBoardinspectionsofregisteredfirms,analysisconductedbytheBoard'sOfficeofResearchandAnalysis,otherregulators,publicdisclosuresofrestatementsandauditorchanges,newsreports,andconfidentialtips.

Ourwebsitehasinformationonhow toprovideenforcementtips,referrals,andinformationonpotentialviolationsoflaworPCAOBrules.

PCAOBhasbeenbuildingitsenforcementprogramsince2004whentheBoardhiredadirectorandstartedthetipsandcomplaintscenter.

In 2005,theBoardannounceditsfirstfoursettlementsandopened17formalinvestigations.

Sincethen,wehavecontinued tobuildafullyfunctioningenforcementandinvestigationsfunction.

Thefirstadjudicatedorderswerepubliclydisclosedin2009and2010.Thenin2011,theBoardsettleditslargestcase todateatthattime,imposingcensuresanda$1.5millionpenaltyon PwC'sIndiaaffiliatesfortheirauditfailuresconcerningSatyamComputerServices.

TheBoardcoordinatedits actionswiththeSEC'sDivisionofEnforcement,whichbroughtaparallelcaseagainstPwC'sIndiaaffiliatefirms.

During2012,theBoardissuedeightsettleddisciplinaryordersimposingsanctionsonauditorsrangingfromcensurestomonetarypenalties tobarsagainsttheirassociationwithregistered accountingfirms.

Thosesanctionscoveredfourregisteredaccountingfirmsand11associatedpersons.

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |65

In addition,theBoardissuedthreeadjudicateddisciplinaryordersaftercompletingtheadministrativehearingprocess.

OnFeb.8,2012,theBoardissuedanotablesettledorderregardingE&Y'sauditsofMedicisPharmaceuticalCorp.overthreeyearsandarelatedaccountingconsultation.

TheBoardimposeda$2millionpenaltyagainstE&Y—thelargestmonetarypenaltyimposedbytheBoardtodate—andimposedsanctionsonfourpartners,includingbarringtwofromassociatingwithregisteredaccountingfirms.

AnothersignificantaspectofthismatteristhatitstartedwithaBoardinspectionfindingaboutthesameauditdeficienciesthatledtotheenforcementorder.

Todate,theBoardhasissued56publiclyannounceddisciplinaryordersinproceedingsbroughtby theEnforcementDivision.

In theseproceedings,theBoardhasimposed42sanctionsonfirms(including27revocationsofregistration)and59 sanctionsonindividuals(including50barsorsuspension).

TheEnforcementDivisioncurrentlyhasmorethan80openinformalinquiries,formal investigations,andnon-publiclitigatedproceedingsin process.

AsImentioned,theBoard'sdisciplinaryproceedingsare,bylaw,non-publicunlesseachpartyconsentstopublichearings.

In thePCAOB'shistory,norespondenthaseverconsented topublicproceedings.

Theconfidentialnatureofourproceedingsresultsin anumberof unfortunateconsequencesfor investorprotectionandthepublicinterest.Amongotherthings,weareunabletodiscuss thenatureofouractivedisciplinaryproceedingsexceptinthemostgeneralofterms.

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |66

Thisprocessisnotsufficientlyinformativetoinvestors,auditcommittees,auditors,orothersinterestedinunderstandingauditrisksandchallenges.

Thenon-publicnatureofourproceedingsalsoprovidesanincentiveforrespondentstolitigatemattersregardlessofwhethertheybelievetheyultimatelywillprevail,in ordertodelaypublicdisclosure.

Legislation,whichIsupport,wasintroducedinthelastCongresstomakeourproceedingsopen to thepublic,butitdidnotmoveforward.

IamhopefulthatCongresswillact to improvethetransparencyandefficiencyoftheBoard'sproceedings.

In additiontothe othercrucialfunctionsoftheBoard'senforcementprogram,theSarbanes-OxleyActprovidesthatpenalties theBoardcollectsindisciplinaryproceedingsaretobeused to fundmeritscholarshipsforstudentsin accountingprograms.

Theprogramwasinauguratedin2011.

Sincethen,theBoardhasusedpenaltyfunds collectedin enforcementmatterstoaward95scholarshipsof$10,000each,foratotalofalmost$1millioninscholarships.

AuditingStandards

ThePCAOBisuniquelypositionedtouseitsinsightfrominspectionandotheroversightactivities to improveexistingauditingstandards tosupporthighqualityauditstoprotectinvestorsandthepublicinterest.

AswelooktowhatthePCAOBhasaccomplishedthroughitsfourthoversightarea,standardsetting,andwhatstillneeds tobedone,wehavetakenonanambitiousprojecttobroadlyreexamineourstandard-settingapproach.

Iwon'tgothroughourentirestandards-settingagendatoday,butitandrelatedinformationcan befoundonthePCAOBwebsite.

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |67

Wecurrentlyhavethefollowingprojectsonouragendaforthefirsthalfof2013:

Relatedparties(adoptionorre-proposal)

ReorganizationofPCAOBstandards(proposal)

Auditor'sreportingmodel(proposal)

Auditor'sresponsibilitieswithrespect tootheraccountingfirms,individualaccountants,andspecialists(proposal)

Audittransparency:identificationoftheengagementpartner(adoptionorre-proposal)

Wearealsocontinuingto developalong-termviewandframeworkforsettingstandardsbeyondthecurrentprojectlist.Thisisasubstantiveworkload,anditissomethingto watchthroughoutthecomingyear.

***

EveryaspectofthePCAOB'smission—registration,inspections,enforcementandstandardsetting—pointstothesignificantrolehigh qualityauditsplayintheeffectivefunctioningofour capitalmarkets.

AtthePCAOB,wehavetakenonanambitiousagendadealingwith numeroussignificantissuestohelpensurehighqualityauditsforthebenefitofinvestorsandthepublicinterestnowandforthelongterm.

Accountingandbusinesseducators,professionalsandstudentsalsoneedtohaveamindsetofworkinginthepublicinterestwiththehighestlevelofethicalconductandobjectivity.

Theacademiccommunity candoitspartbyfocusingstudentsontheseprinciples,sothattheyentertheprofessionmindfuloftheirresponsibilitiestoprotectinvestors.

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |68

This,inturn,willhelpmaintainconfidenceinthecapitalmarketsandwillhelpensurethatwecan continuetopassalongopportunityand prosperity to futuregenerationsofAmericans.

ApaperthatexaminesGeorgeR.Husband'slifeandaccomplishmentsinresearch,serviceandteaching,statesthatHusband'sstudentscharacterizedhisteachingprinciplesinthefollowingthreebasicpositions:

ethicalbehaviorisofutmostimportance;

teachersareempoweringthefutureleadersoftheaccountingprofession;and

teachersshouldstretchstudents'thinkingto thelimits.

ItrustthattheeducatorsandstudentshereatWayneStateUniversityarecontinuingtoembodytheseprinciples.

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |69

CounciloftheEuropeanUnion BaselIIIinEurope– CRD4

IrishPresidencyreachesbreakthroughonnewrulesforstrongerEUbanks

TheIrishPresidencyhasreachedabreakthroughintalkswiththeEuropeanParliamentonanoverhaulofbankingrulesincreasingEUfinancialstability.

TheMinisterforFinance,MichaelNoonan,welcomedthenews:

“IamveryproudtoannouncethattheIrishPresidencyhasmade thisbreakthrough– ithasbeenhardwon”

TheIrishPresidencyhasreachedprovisionalagreementwiththeEuropeanParliamentonnewrulesthatwillhelp makesurethatEuropeanbanksholdenoughgoodquality capitaltowithstandfutureeconomicandfinancialshocks.

Theprovisionalagreementtonightincludesrestrictionsonbankerspaytomakesurethatpaypracticesdonotleadto excessiverisk-taking.

ItalsoincludesnewprovisionstomakingEuropean banksmoretransparent.

TheMinisterforFinance,MichaelNoonan,said:

Duringthefinancialcrisis,Europeantaxpayershadtorecapitalisebanks.

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

  • P age |70

  • ThisoverhaulofEUbankingruleswillmakesurethatbanksinthefuturehaveenoughcapital, bothintermsofqualityandquantity,towithstandshocks.

  • ThiswillensurethattaxpayersacrossEuropeareprotectedintothefuture.

  • In thesenegotiations,asPresidency,wehavehad tobalancemanydifferentinterests:

  • thedesire to limitbankerspaywhilemaintainingacompetitiveEuropeanbankingsector;

  • theneedtoprovideasinglebutsufficientlyflexiblerulebookacrossEurope.

  • Thisagreementwillhave tobeapprovedbyEUMemberStatesbeforeitisfinal.

  • Therewillalsobesignificantfurthertechnicalworktocompletethedetailsofthelegislation.

  • TheMinistersaid

  • “Ibelievethatthecompromisepackagethatwehavereached tonightiswellbalanced.

  • IwillbepresentingthispackagetoFinanceMinisterswhenwemeetinBrusselsnextTuesdayandIhopetheywillendorseit”.

  • Background

  • Duringthefinancialcrisis,Europeantaxpayersrecapitalisedbankswhofoundthemselveswithinsufficient capitalto absorblosses.

  • ThisoverhaulofEUbankingruleswillmakesurethatbanksinthefuturehaveenoughcapital, bothinqualityandquantity.

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |71

ThesestandardshavebeenagreedatG20levelinwhatisknown astheBaselIIIagreement.

ThenewEUrulesaresetoutinaRegulationandaDirective,makinguptheCapitalRequirementspackage.

ThesenewruleswillapplytofinancialinstitutionsacrossEurope,includingthe8,000bankscurrentlyoperatinginEurope.

Thepackagesetsoutrulesfortheamountofcapitalthatbanks needtohold,aswellasthequalityofthosefunds.

Itintroducesanewliquiditycoverageratioaswellasaleverageratiotolimitanexcessivebuildupofleverageonbanks’balancesheets.

Therearenewenhancedgovernancearrangementsforbanks,aimedatimprovingrisk management.

Thepackagealsointroducescapitalbuffersontopoftheminimumcapitalrequirements.

TheprovisionaldealreachedwiththeEuropeanParliamentalsoincludeslimitsonthesizeofbankersbonuses.

ThispackageisavitalpartofthesingleEuropeanbankingrulebook,afundamentalbuilding block forEUbankingunion.

CompletingbankingunionisanIrishPresidencypriority.

AsPresidencyweareworkingtoreachagreementwiththeEuropeanParliamentonthesettingupofasingleEuropeanbankingsupervisor.

Wearealsoworkingongettingmemberstateagreementonbankresolutionandrecoveryandwellasdepositguaranteeschemes,importantelementsincompletingbankingunion.

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |72

Gettingthesinglesupervisor inplacewillbekey toallowingtheEuropeanStabilityMechanism(ESM)todirectlyrecapitalisebanksacrossEurope.

EuropeanParliament

MEPscapbankers'bonusesandstepupbankcapitalrequirements

Bankers'annualbonusesmustnotnormallyexceedtheirannualsalariesandbanksmustholdmorehighqualitycapitaltoincreasestabilityinthesector,

says adealreachedbyEuropean ParliamentandCouncilnegotiators.

Theonlypossibleexception,allowingbonusesofuptotwiceannualsalary,wouldhavetobeauthorisedbyholdersofahalfofabank'sshares.

MEPsfoughtfora1:1ratiofromtheoutset.

"Wehave achievedthemostcomprehensivebankregulationpackageintheEU.Bankswillbestabilisedandmoreresistant to crises",saidrapporteurOthmarKaras(EPP,AT)athispressconferencetoday

Bonuscap

Tocurbexcessiverisk-taking,thebasicsalary-to-bonusratiowillbe1:1butcouldberaisedtoamaximumof1:2withtheapprovalofshareholders.

Thishigherratiowouldrequirethevotesofatleast65%ofshareholdersowninghalfthesharesrepresented,orof75%ofvotesifthereisnoquorum.

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |73

Toencouragebankers to takealong-termview,ifthebonusisincreasedabove1:1,thenaquarterofthewholebonuswouldbedeferredforatleastfiveyears.

Qualitycapital

Theruleswillraiseminimumthresholdsofhighquality capitalto beretained.Banks willberequiredtoholda minimumof8%goodqualitycapital(mostlyTier1,thelowest-riskform).

Transparency

Thelegislationwouldrequirebanks to discloseprofitsmade,taxespaidandsubsidiesreceivedcountrybycountry,aswellasturnoverandnumberofemployees.

From2014theseshouldbereported to theCommissionandfrom2015madefullypublic.

NextSteps

ThepoliticalagreementmustbeapprovedbymemberstatesandtheEuropeanParliamentplenary, in whichavoteisexpectedatthe15-18Aprilsession.

Onceapproved,memberstateswouldneedtoincludetherules intheirnationallawsby1January2014.

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |74

UpdateonMeasurestoAddressUnrecordedFinancialFlows

BankNegaraMalaysia wouldlike toprovideanupdateonmeasuresthathavebeenundertakenbymembersofaHighLevelMulti-AgencySpecialTaskForce(TaskForce)to reduceillicitfinancialflows.

TheTaskForcecomprisesoftheAttorneyGeneral’sChambersofMalaysia,RoyalMalaysianCustomsDepartment,RoyalMalaysia Police,MalaysianAnti-CorruptionCommission,InlandRevenueBoardofMalaysia,ImmigrationDepartmentofMalaysiaandBankNegaraMalaysia.

TheTaskForce’sroleis to spearheadmoreeffectivecoordinationandcollaborationamongkeylawenforcementauthoritiesinthecountryaswellasbetweenlocalandinternationalenforcementagenciesto mitigateillicitactivityandfinancialflows.

Unrecordedfinancialflowsarelikelyoverstated

Arecentreportbyanexternalnon-governmentalorganisationhas raisedtheissueofsubstantialillicitfinancialoutflowsfromdevelopingeconomies.

Itisimportant tonotethatestimateshighlightedinitsreportsareessentially‘unrecordedfinancialflows’,whicharenotnecessarilysynonymouswith‘illicitfinancialflows’.

Thereportestimatedthat80%oftheunrecordedfinancialoutflowsinMalaysiaamountingto USD227.1billionduringtheperiodof2001-2010wereduetotrademispricing.

However,unrecordedfinancialflowswhicharederivedbycomparingimportandexportdatabetweencountriesalsoarisedue todata

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |75

discrepanciesandthevaryingconventionsused to compiletradestatisticsamongcountries.

Thisincludestimelag,variationsinvaluationandexclusionofcertaintypesofgoods.

Thesituationisfurthercomplicatedbythetreatmentofgoodsthatareexportedviare-exporthubs.

ExportsbyMalaysiato aspecifictradingpartnermayforexamplenotgiverisetoasimilarnumberrecordedas totalimportsfromMalaysiaby thatcountry.

Thisdiscrepancyarisesastheimportsarerecordedbasedoncountryoforiginthatalsoincludesthoseexportsthatareviaothercountries.

Aftertakinginto accountMalaysia’stradethatisexportedviaSingaporeandHongKong(re-exporthubs),theestimateoftrademispricingbetweenMalaysiaanditstop10tradingpartnerswerereducedsignificantlybyabout70%.

Sincetheestimatesinthereportoftrademispricingdonottake intoconsiderationsuchdiscrepanciesintradestatistics,theestimatesofillicitflowsare overstated.

Thereportalsoestimatedthat20%ofillicitoutflowswereaccountedforbyunrecordedtransferofproceedsviainformalchannelsthatis captured bytheErrorsandOmissions(E&O)oftheBalanceofPayments(BoP)ofthecountry.

ItshouldbenotedthatnottheentireE&Ofigureisattributable to illicitactivities,asitalsoincludesgenuinestatisticalerrorsfromthecompilationofstatisticsofexternaltradeandcross-borderfinancialtransactions.

SinceMalaysiaisaveryopeneconomywithtotaltradeingoodsandservicesamountingtoanaverageof192%ofGDP duringthisperiod,suchdiscrepanciesarebound tobelargein absoluteamount.

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |76

Itisrecognised,however,thataportionoftheE&Ocouldarisefromthetransferoffundsobtainedfromillegalactivities,organisedcrimeandtaxandcustomdutiesevasion.

Importantly,theE&Ohasaveragedat2%oftotaltrade,whichiswell belowthe5%benchmarkthresholdprescribedby theInternationalMonetaryFund(IMF).

Theseratioshavealsobeenonamoderatingtrendsince2010.

Measureshavebeenundertakenandwillbefurtherintensified

TheGovernmenthasalwaysconsideredanytransgressionofthecountry’srulesandregulationsasaveryseriousmatter.

Indeedlongbeforesuchreportsonillicitoutflows,effortshadalreadybeenmadebytheGovernmentincombatingillegalfinancialflowsthroughvariouspreventivemeasures.

Collaborationbetweenrelevantagenciesonthisissuebeganin2008,culminatingintheestablishmentoftheTaskForcein2010.

Onmitigatingtrademispricing,theRoyalMalaysianCustomsDepartmenthastakenactionsagainstentitiesandindividualswhohaveevadedcustomsdutiesespeciallyin casesofunder-andover-invoicingofexportsandimportsofgoods,aswellasphantomshipmentsandotherfalsificationofthevalueorquantityofshipments.

Tightermonitoringandsurveillanceatvariousentryandexitpointsarein place,includingtheinstallationofclosed-circuittelevisionsandscanners.

In addition,alltravellers(Malaysianresidentsandnon-residents)are requiredtodeclaretotheCustomsiftheycarryintooroutofMalaysiacashinamountsexceedingUSD10,000oritsequivalentinRinggitandinforeigncurrency.

Effective1December2011,thenewMoneyServicesBusinessAct2011,underthepurviewofBankNegaraMalaysia,cameintoforcetosupport

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |77

thedevelopmentofamoredynamicandcompetitivemoneyservicesbusinessindustry(comprisingthemoneychanging,remittanceandwholesalecurrencybusinesses).

Therelicensingexerciseofallmoneyservicesbusinesseswascompletedin2012,resulting inthenumberofmoneychangersbeingreducedfrom839to511.

Thisexercisehasenhancedthe capacityofthemoneyservicesbusinessindustrytobemoreprofessionalandpreventtheplayersfrombecomingaconduittoillegalfundtransferactivities.

In addition,theexercisealsoresultedintheapprovalofqualifiedmoneychangersasremittanceagents.

Thisisexpected to facilitatethemigrationofremittances,especiallybyforeignworkers,frominformaltoformalchannels.

TheMoneyServicesBusinessAct2011furthercomplementsthemeasuresthathavebeenputinplace andactionstakenundertheAnti-MoneyLaundering&Anti-TerrorismFinancingAct2001(AMLATFA2001).

TheAMLATFA2001whichcameintoforceon15January2002criminalisesmoneylaunderingofproceedsfromseriouscrimes.

Malaysiaisnowwellsupportedbyrobustlegislationtocombatillegalfinancialflows.

In addition,Malaysia’seffortstostrengthenthelegislationandimplementationofAntiMoneyLaundering/CounterFinancingofTerrorismmeasureshavebeenrecognisedbytheIMFandtheWorldBankduringtherecentFinancialSectorAssessmentProgramme(FSAP),whereMalaysiawasaccordeda“Compliant”ratingfortheBaselCorePrinciples(Principle18)and“Observed”fortheInsuranceCorePrinciples(ICP22).

Greatercollaboration amonglocalagenciesaswellaswiththeirinternationalcounterpartsthroughthesharingofdatabases,information

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |78

andintelligenceandjointenforcementactions,withsomeofthemfacilitatedbytheTask Forcehadyieldedpositiveresultsincombatingillegalactivities.

TheInland RevenueBoardofMalaysiahastaken actionsonentitiesandindividualswhohaveevadedcorporatetaxes.

TheBoardhadalsoconductedtaxauditonfirmsandstrengtheneditsenforcementtominimisetaxevasion.

TheCustomshavealsointensifieditsenforcementefforts.

Theseeffortshaveproducedresultsshownbythesignificantriseintaxanddutiescollections.

Movingforward,thetrademispricingissuewillalsobemitigatedwiththeintroductionofGoodsandServicesTax(GST)whichrequiresreportingofvalue-addedatvariousstagesofproduction.

Recognisingtheimportanceofaddressingillicitfinancialflows,continuedconcreteandcoordinatedeffortsbetweenvariousenforcementagenciesincludingacross borderswillcontinue tobepursuedto ensuretheintegrityandstabilityoftheMalaysianfinancialsystem.

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |79

PCAOBIssuesReporton2007-2010InspectionsofDomestic FirmsthatAudit100orFewerPublicCompaniesWashington,D.C.,Feb.25,2013

The PublicCompanyAccountingOversightBoardtodayreleasedareportsummarizinginspectionobservationsidentifiedinthe2007 through2010inspectionsofU.S.firmsthataudited100orfewerpubliccompanies.

Suchfirms mustbeinspectedatleastonceeverythreeyears(trienniallyinspectedfirms).

Overall,theresultsshow areducedrateofreported"significantauditperformancedeficiencies"whencomparedtoa2007reporttheBoardissuedaddressingobservationsfrominspectionsoftrienniallyinspectedfirmsfrom2004through2006.

Significantauditperformancedeficienciesarethosethatresultintheauditfirmlackingsufficientevidencetosupportitsauditopinion.

Thereportnoteslowerratesofsignificantauditperformancedeficienciesoverall in thegroupoffirmsthathadsecondinspectionsduringthe

2007-2010period.

Offirmsthathadasecondinspectionduringthatperiod,36percenthadatleastonesuchdeficiencyintheirsecondinspection,comparedto55percentintheirinitialinspection.

Despitethedecreasein therateofsignificantauditperformancedeficienciesnotedinsecondinspections,thepersistenceofsuchdeficienciesinauditsperformedbyalargenumberofdomestictriennialfirmsisofconcerntotheBoard.

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

  • P age |80

  • "TheBoardhasissuedthisreporttohighlightareaswhereauditfirmscan focustheirattention to enhancethequalityoftheiraudits,"saidJamesR.Doty,PCAOBChairman.

  • "Wealsoencouragefirmsto identifyandaddresstheroot causesofanyauditperformancedeficienciesidentifiedduringtheinspectionsprocess."

  • Accordingtothereport,44percentoftheauditfirmsinspectedduringthe2007-2010periodhadatleastone"significantauditperformancedeficiency"comparedto61percentin the2004—2006period.

  • Oftheindividualauditsinspectedbetween2007and2010,28percenthadatleastonesignificantauditperformancedeficiencycomparedto36percentoftheauditsinspectedbetween2004and2006.

  • Auditareaswithfrequentinspectionfindingsin the2007-2010periodrelatedto:

  • auditingrevenuerecognition;

  • auditingshare-basedpaymentsandequityfinancinginstruments;

  • auditingconvertibledebtinstruments;

  • auditingfairvaluemeasurements;

  • auditingbusinesscombinationsandimpairmentofintangibleandlong-livedassets;

  • auditingaccountingestimates;

  • auditingrelatedpartytransactions;

  • useofanalyticalproceduresassubstantive tests;and

  • auditprocedures torespondtotheriskofmaterialmisstatementduetofraud.

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |81

The"Reporton2007-2010InspectionsofDomesticFirmsthatAudit100orFewerPublicCompanies"includesobservationsfrom748inspectionsof578domestictriennialfirmsconductedinthe2007—2010period,andencompassesInspectionstaffreviewsofaspectsof1,801audits.

ExecutiveSummary

The PublicCompanyAccountingOversightBoard(the"PCAOB"orthe"Board")isissuingthisreporttoprovideasummaryofobservationsfromitsinspectionprogram.

Thisreportcoversdomesticauditfirmsthatauditthefinancialstatementsofissuers,andthatregularlyissue100orfewerauditreportseachyear.

Suchfirms mustbeinspectedatleastonceeverythreeyears("trienniallyinspectedfirms").

Thisreportdescribesinspectionfindingsfrom578firmsand1,801individualauditsthatwereinspectedin 2007-2010.

ThePCAOBhaspreviouslyissuedsimilarreportsdescribinginspection-relatedobservationsfortrienniallyinspectedfirmsandotherfirms,whichareavailableonthePCAOB'swebsiteat

http://pcaobus.org/Inspections/Pages/PublicReports.aspx

PCAOBInspections

PCAOBinspectionsassessauditors'compliancewithcertainlaws, rules,andprofessionalstandardsinconnectionwithauditsofissuers.

APCAOBinspectionofanauditfirmexaminesindepthcertainaspectsofalimitednumberofauditsperformedbytheauditfirmaswellascertainelementsofthefirm'ssystemofqualitycontroloverits

auditprocesses.

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

  • P age |82

  • Individualauditsandareasofinspectionfocuswithinthoseauditsaregenerallyselectedonarisk-weightedbasisandnotrandomly.

  • Areasoffocusvaryamongselectedaudits,butofteninvolveauditworkontheareasoffinancialstatementswiththehighestrisk ofmaterialmisstatement.

  • In connectionwiththeirinspectionofindividualaudits,PCAOBinspectorsmayidentifysignificantauditperformancedeficiencieswheretheauditordidnotobtainsufficientauditevidencetosupportitsauditopinion.

  • In addition,inspectorsmayidentifydeficienciesinthefirm'soverallsystemofqualitycontrolthatincreasetherisk thatthefirm'ssystemwillnotprovidereasonableassurancethatitspersonnelcomplywithprofessionalstandards.

  • GeneralObservationsfrom Inspectionsin2007-2010

  • Thisreportsummarizesobservationsresultingfrominspectionsoftrienniallyinspectedfirmsthattookplacefrom2007through2010.

  • TheBoardpreviouslyissuedareportinOctober2007,addressingobservationsfrominspectionsoftrienniallyinspectedfirmsfrom2004 through2006("the2007report").

  • Overall,theresultsinthisreportcomparedtothe2007reportshow areducedrateofreportedsignificantauditperformancedeficiencies:

  • Approximately44percentoftheauditfirmsinspectedbetween2007and2010hadatleastonesignificantauditperformancedeficiencycomparedtothe2007reportwhereapproximately61percentoftheauditfirmsinspectedbetween2004and2006werereportedashavingatleastonesignificantauditperformancedeficiency.

  • Ofthe1,801individualauditsinspectedbetween2007and2010,28percenthadatleastonesignificantauditperformancedeficiency

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |83

comparedto36percentofthe1,589auditsinspectedbetween2004and2006.

-Forthe455firmsthathadasecondinspectioninthe2007-2010period,36percenthadatleastonesignificantauditperformancedeficiencyintheirsecondinspection,comparedwitharateof55percentintheirfirst inspection.

Whilereportedsignificantauditperformancedeficiencieshavedecreased,thecontinuedidentificationofthesedeficienciesin auditsperformedbyalargenumberoftrienniallyinspectedfirmsisofconcern.

TheBoardandInspectionsstafftakeanumberofactions toencouragethefirmsto addressthesedeficiencies.

In eachinspection,thestaffdiscussesthefindingswiththefirm to makesurethatallofthefactsareconsideredandtohelpthestaffandfirmunderstandthedeficiencyidentified.

Basedonthisunderstanding,thefirmsshoulddesignandimplementanynecessarychangestotheirqualitycontrolprocedures.

TheBoardencouragesfirmstoinitiateadialoguewiththeBoard'sInspectionsstaffearlyonabouthowthefirmintendstoaddressqualitycontrolcriticisms, includingthoseidentifiedasaresultofthesesignificantauditperformancedeficiencies.

TheBoardencouragesthisdialoguesothatafirmcanreceivetimelyfeedbackfromtheInspectionsstaffandenhanceitsefforts,ifnecessary,duringthetwelve-monthremediationperiod.

In addition,foranumberofyears,theBoardhasheldaseriesofforumsforauditorsofsmallercompaniestoshareinspectionresults,remediationobservations,andinformationaboutrecentlyissuedauditingstandards.

Asdescribedinmoredetailinthereport,theBoardalsoencouragesfirmsto identifyandaddresstheroot causesofanyauditperformancedeficienciesidentifiedduringtheinspectionsprocess.

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

  • P age |84

  • The causesofthesedeficienciesaretypicallycomplexandareoftentheresultofacombinationoffactors,including,amongothers:

  • alackoftechnicalcompetenceinaparticularauditarea;

  • alackofdueprofessionalcare, includingprofessionalskepticism;

  • ineffectiveorinsufficientsupervision,whichattimesmayhavebeenduetoheavypartnerandprofessionalstaffworkloads;

  • ineffectiveclient acceptanceandcontinuancepracticesthatfailtoconsidertechnicalknowledgecalledforinparticularaudits;or

  • ineffectiveengagementqualityreviews.

  • Withrespecttotheinspectionsconductedfrom2007through2010thatarethesubjectofthisreport,firmshaveremediatedqualitycontroldeficienciesdescribedinPartIIoftheinspectionreport totheBoard'ssatisfactioninapproximately90percentofthosecasesinwhichtheBoard hasconcludedonthefirm'sefforts.

  • Firms'remediationactivitiestoaddressspecificqualitycontroldeficiencieshaveencompassedarangeofactions,includingenhancementsofqualitycontrolpoliciesandprocedures,developingtechnicalguidancetargetedtospecificissues,developingandrequiringtrainingtargeted tospecificissues,developing newaudittools,andrequiringadditionalauditprocedures.

  • ObservationsofAuditAreaswithCommonDeficiencies

  • Althoughauditdeficienciescanoccurinmanydifferentareasofanaudit,Inspectionsstaffhaveidentifiedcertainareasin whichdeficienciesoccurredmorefrequently.

  • Thisreportincludesgeneraldescriptionsofdeficienciesincertainsuchcommonproblemareas,alongwithspecific examplesfrominspectionreports.

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

  • P age |85

  • Auditareaswithfrequentfindingsinthe2007-2010periodrelatedto:

  • auditingrevenuerecognition(deficienciesalsodiscussedinpriorreports);

  • auditingshare-basedpaymentsandequityfinancinginstruments(deficienciesalsodiscussedinpriorreports);

  • auditingconvertibledebtinstruments(newcategoryinthisreport);

  • auditingfairvaluemeasurements(deficienciesalsodiscussedin priorreports,butre-categorized);

  • auditingbusinesscombinationsandimpairmentofintangibleandlonglivedassets(deficienciesalsodiscussedinpriorreports);

  • auditingaccountingestimates(deficienciesalsodiscussedinpriorreports,butre-categorized);

  • auditingrelatedpartytransactions(deficienciesalsodiscussedinpriorreports);

  • useofanalyticalproceduresassubstantive tests(deficienciesalsodiscussedinpriorreports,butre-categorized);and

  • auditprocedures torespondtotheriskofmaterialmisstatementduetofraud(new category inthisreport,butpreviouslythesubjectofaseparatereport).

  • Somecategoriesaboveareidentifiedas"deficienciesalsodiscussedin priorreports,butre-categorized"fromthepresentationin our2007report.

  • Specifically,auditingfairvaluemeasurementsanduseofanalyticalproceduresassubstantivetestswerediscussedintheequitytransactionsandrevenuecategoriesofthe2007report,respectively.

  • Whileauditingaccountingestimatesisanew categoryinthisreport,the

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |86

2007reportaddressedauditingallowanceforloan lossesandallowancefordoubtfulaccountsin the categoryonloansand accountsreceivable.

Forfraudprocedures,theBoardreleasedonJanuary22,2007,areporttitled"ObservationsonAuditors'ImplementationofPCAOBStandardsRelatingto Auditors'ResponsibilitieswithRespecttoFraud,"which describedobservationsbyInspectionsstaffrelatingto proceduresrelevant to anauditor'sconsiderationoffraud.

Categoriesofmorefrequentdeficienciesinour2007reportthatarenotincludedinthisreportare:auditors'goingconcernconsiderations,auditingloansandaccountsreceivable,auditors’considerationofissuers’useofserviceorganizations,useofotherauditors,useoftheworkofspecialists,auditorindependence,andconcurringpartnerreview.

Thesecategoriesarenot includedduetoalowerfrequencyofthesetypesofdeficienciesreportedduringthe2007-2010inspectionsthatmayhaveoccurredfornumerousreasons,includingamongothers,lowerfrequenciesinwhichcertainauditareaswerereviewedduetoissuerauditselectionandrelatedmatters,orimprovementsinauditing.

Whileobservationsofcertainindependenceviolations(e.g.,servicesrelatedtobookkeepingandpreparationoffinancialstatementsandnotestofinancialstatements,andinclusionofindemnificationclausesinengagementletters)havedeclined,theBoardcontinuestobeconcernedabout,andcontinues to identifyinstancesin whichafirmhasnotcompliedwiththerelevantindependencerequirements.

Althoughnotseparatelydiscussedwithinthereport,theBoardemphasizesthatfirmsshouldtakesteps to complywiththerelevantPCAOBandSECindependencerequirements.

Allregisteredpublicaccountingfirmsthatparticipatein auditsofissuersshouldconsiderwhethertheauditdeficienciesdescribedinthisreportmightbepresentinauditstheyarecurrentlyperforming,andshouldtakeappropriate actiontoreducethelikelihoodofrecurrenceofsimilardeficienciesinthefuture.

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |87

Auditcommitteesmaywishtodiscussthisreportwithauditorstheyoverseetobetterunderstandwhetheranyofthecommondeficienciesmaybeaconcerntheyshouldconsiderinconnectionwiththeauditsoftheircompanies.

4/The467firmsthatissuedauditreportsfortheyearendedDecember31,2011differfromthe578domestictriennialfirmsthatwereinspectedatleastonceduringthe2007-2010periodfornumerousreasons,includingamongothers,firmschoosingtonolongerauditissuers(possibly temporarily)andfirmmergers.

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |88

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |89

RemarksbyThomasJ.Curry

ComptrolleroftheCurrency

BeforetheNationalAssociationofAttorneysGeneralWashington,DC

It’sapleasuretobeherewithyoutoday,andparticularly tobeonthispanelwithDirectorCordray.

Together,werepresentthenation’s oldestfederalagencyanditsnewest.

Asyoumayknow,theOCCiscelebratingits150thanniversarythisyear;infact,latertoday,wewill hold aneventattheOCCcommemoratingtheenactmentoftheNationalCurrencyAct,whichwas

signedintolawbyPresidentLincoln150yearsagothisweek.

It’sanhonorforme to headtheagencyatthistime,withsomuchaccomplishmentbehindusandsomuch promiseahead.

Icertainlycan’tbeginto forecastwhatwillhappenoverthecourseofanothercenturyandahalf,butitismyfirmbeliefthattheOCCwillcontinuetoevolvetomeettheneedsofchangingmarketsandachangingpopulationoffinancialconsumers.

OneofthethingsI’vemostenjoyedduringmystillshorttermofofficeistheopportunitytoworkwithRichandtheConsumerFinancialProtectionBureauasthatagencycontinuestheprocessofstandingup.

Wehavesomewhatdifferentmissions,butintheend,wearebothworkingtowardsimilarobjectives:abankingandfinancialservicesindustrythatisnotonlysafeandsound,butopenandfairtotheAmericanconsumerand capableofsupportingthekindofeconomicgrowththatcreatesjobsandhelpsfamiliesfulfilltheirdreams.

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |90

In fact,thesimilaritiesbetweenourmissionsand objectivesareevenmorepronouncedthanthat.

WhiletheCFPBisclassifiedasaconsumerprotectionagencyandtheOCCisviewedasasafetyandsoundnessagency,thosejobsgohandinhand.

Nothingismoreimportanttoafinancialinstitution’sviabilitythanitsreputation,andthatreputationdependsheavilyuponhowwellittreatsitscustomers.

In fact,reputationisoneofthekeycategoriesofriskthatourexaminersmonitor.

Andwhiletheoverwhelmingmajorityofthefederalbankswesuperviseunderstandjusthowimportantreputationis,theydeservetoknowthatnoneoftheircompetitors,especiallythosethattraditionallyhaveoperatedwithlittleregulationorsupervision,canseek acompetitiveadvantagebycuttingcorners.

That’sanarea whereIthinktheCFPBwillperformanespeciallyvital servicetobothconsumersandlenders.

Butneitherofus cansucceedinourmissionsifwedon’tworkwelltogetherorcommunicatewitheachother.

Thatrequiresanextensiveamountofcooperation,andtowardthatendwehavespentagooddealoftimebuildingasoundworkingrelationshipthatwillfacilitatethatcooperation.

RichandItalkfrequentlyandmeetonaregularbasis,andourstaffsmeetregularlyaswell.

Allin all,Ithinkit’sagoodstart.

MuchofwhatI’vesaidwouldalsoapply to ourrelationshipwiththenation’sAttorneysGeneral.

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |91

It’simportantthatwemaintainagoodworkingrelationshipbasedonhonestandopencommunicationandcooperationonissuesofcommonconcern.

Itistruethatwehavedifferentmissionsanddifferentapproaches towardmeetingourmissions,butin theendwehave thesamekindofcommon objectiveIcitedwithrespect to theCFPB:weareallworkingtowardabankingandfinancialservicesindustrythattreatstheaveragepersonfairlyandfunctionsinawaythatmeetstheneedsoffamilies,communities,andthenationaleconomy.

To achievethat,wehavebroadpowerstoactagainstinstitutionsthatengagein abusiveactsorengageinunsafeandunsoundpractices.

Whereappropriate,weusethosepowersto compelfinancialinstitutionstochangethewaytheyconducttheirbusiness.

Asthechief legalofficersforyourrespectivestates,yourpowers toaddressproblemsthroughcivilsuitsorotheractionsareprobablyfamiliartomanypeople.

However,Ithinkourauthorityasaprudentialbanksupervisorisnotalwayswellunderstood.

In particular,peoplesometimesaskwhyenforcement actionsaretypicallydonethroughconsentagreements.

That’sareasonablequestion,andI’dlike to spendafewminutes todayansweringit.

Asaprudentialsupervisor,weexaminebanks regularlyandseek toidentifyissuesearlywhentheycanmosteasilybefixed.

Mostoftenthebankstakethenecessarycorrectiveaction,andthosearethecasesnoonehears aboutsinceunderlawthesupervisoryprocessisconfidential.

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |92

Buttherearetimeswhenproblems cannotberemediedthroughthesupervisoryprocess,andthosearethe casesthatresultin formalenforcement actionsthatsometimesmakeheadlines.

In thosesituations,weveryoftenenduptakingactionsthatareaimedinthefirstinstanceatfixingtheproblemandwhich,dependinguponthecircumstances,mayalsoincludefinancialpenaltiesorcompensationforindividualswhosufferedharmasaresultofimproperpractices.

There’sareasonwhyIcitedremediationasthefirstgoalofanenforcementorder.

First,unlike actionsbroughtbyanAttorneyGeneral’sOffice,ourauthoritytotakeenforcementactionsisanextensionof,andinsupportofthesupervisoryprocess,andsotheprimarypurposeofouractionsisremediation– toensurethatfederalbanksandthriftsoperateinasafeandsoundmanner,andincompliancewiththelaw.

Underourstatutoryenforcementscheme,thepurposeofouractionsisnottopunishbanksormakeexamplesofanyone.

Inthatrespect,weareverydifferentfromagenciesliketheDepartmentofJustice,whichisauthorizedunderthelaw to bringactionsforpunitivepurposes,includingcriminalactions,againstinstitutionsandindividuals.

Bycontrast,theOCChasnoauthoritytoinvestigateorprosecutecriminalactivity.

Second,ifthereisalapsesignificantenough towarrantapublicaction,thentheunderlyingproblemisalmostcertainlyonethatmustbeaddressedimmediately.

Thisisparticularlytrueincasesinvolvingfinancialharmtoindividuals,wherewewillmoveasquicklyaspossible to ensurethosecustomersarecompensatedinatimelyfashion.

Whilewehaveauthoritytoimposecivilmoneypenalties,thosefinesoftencomelater,afteraremedialdocumenthasbeenputinplace.

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |93

Thereareanumberofreasonsforthis.

Onereasonisthatourenforcementstatutesrequireustoconsideradditionalfactorsand, in the caseoflarger“tier2”penalties,meetaheightenedlegalstandard.

In ordertodothis,itishelpfulto havemoretime to assesswhythebankorthriftdroppedtheballinthefirstplaceandhowwellitreactedoncetheparticularconcernwasidentified.

Finally,incaseswhereotheragenciesareinvolved,wewillnormallycoordinateourpenaltyactionswiththeotheragenciessothatallactionscan bebroughttogether.

Mostoftenthese actionsaretakenwiththeconsentofthebankorthrift,andIthinkthereissomeconfusionaboutwhattheterm“consent”meansinthiscontext.

I'llstartwithwhatitdoesn'tmean:itdoesnotmeanthatwetakeanactiononlyifthesupervisedbankagrees,nordoesitmeanthatwearewillingtocompromiseontheformorthesubstanceofthe actioninorderto achieveanegotiatedsettlement.

TheOCCisnodifferentthan otheragencieswhenitcomestoresolvingitsenforcement casesbyconsent.

ThevastmajorityofactionsbroughtbytheDepartmentofJustice,theSecuritiesandExchangeCommission,theFederalTradeCommission,andotherfederalagenciesareresolvedthroughnegotiatedsettlements,inmuchthesamewayeachofyouresolvemanyoftheactionsyoutake.

Therearegoodreasonsforthis.Inmostcases,entering intoasettlementisapositiveoutcomeforboththepublicandtheagency.

Litigated casestypicallytakealongtimetoresolve,andtheycanhaveanuncertainoutcome.

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |94

Thisisaparticularprobleminconsumercases,wherevictimscouldliterallybewaitingyears to obtainrelief,ifever.

Bycontrast, whenacaseissettled,anenforceableorderisimmediatelyputinplacethatrequiresbanks totakecorrectiveandremedialaction.

Oftenthebankhastopayasignificantmonetarypenaltyaswell.

Thissupportsoursupervisorygoalsofgettingproblemsfixedatthebanksastimelyandefficientlyaspossible,andensuringthatconsumersaremadewhole.

Butletmebeveryclear:whilemostofourenforcementactionsareresolvedbysettlement,wearepreparedtolitigatethose actionsifthebankorthriftrefuses to consent.

Beforeinitiatinganaction,weconductathoroughreviewofthefactsandananalysisofthelaw,andwedonotinitiateactionsunlesswebelievethey canbesuccessfullylitigated.

Consequently,westandpreparedtolitigateeachandeveryenforcementactionthatwepresenttoabankoranindividualbeforeanadministrativelawjudge,whichisthevenueforsuchactions.

Banksandthedefensebararewellawareofthisand,frankly,webelieveitisabigreasonwhysomanyoftherespondentsinourcasesareunwillingtochallengeour actionsandinsteadconsentto ourorders.

Thereisatendencyamongsometoautomaticallydismissanyenforcement actionwetakeagainstalargeinstitutionasinsufficientlysevere,butthatcriticismmissesthemarkonseveralpoints.

First,the actionswebringrequirebanksto adoptorchangepoliciesand procedures,adjustsystemsandcontrols,andrequire othersignificantoperationalchangesthataretakenveryseriouslybytheaffectedbanks.

Inthecaseofceaseanddesistorders,whicharethemostsevereremedialactionwecantakeunderourenforcementscheme,theindividual

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |95

directorssigntheorders,committingthemselvestoensuringthatthetermsoftheorderareeffectivelyimplementedandknowingthatiftheyfail,theymaybepersonallysubject to additionalaction,includingpenalties.

Whereappropriate,wehavealsoimposedfinescommensuratewiththenatureoftheinfraction,andthosefineshavesometimesbeenverysubstantial.

Forexample,notonlywastherecent$500milliondollarpenaltyweassessedagainstHSBCthelargestpenaltytheOCChaseverassessed,butitisbyfarthelargestpenaltythatanyfederalbankingagencyhaseverassessed,exceedingbyawidemarginallofthebank’scostsavingsforitsdeficientBSAcomplianceprogram.

AndasInotedamomentago,wehavenoauthoritytoprosecutecriminalcases.However,weregularlymakereferralsdirectlytotheDepartmentofJustice,andweworkcloselywiththemastheydevelopcases.

Onoccasion,wehavefoundourselvesworkingonparalleltracks,investigatingthesameinstitution,andwereabletoprovidesupport toJustice.

Whilewedon’tdisclosereferrals,oncetheyaremadeoroncetheJusticeDepartmentgetsinvolvedforanyreason,itissolelyuptoJusticetodecidewhethertoprosecuteafinancialinstitution.

Thatisn’taneasy call,andIthinkthey’vedoneaverygoodjobinexercisingappropriatejudgments.

Iwouldaddthat,inmytimeasComptroller,we’veworkedwithJusticeonanumberofcases,andbothmylegalstaffandIhavebeenextremelyimpressedwiththeprofessionalismandcollegialityofthedepartment’slawyers.

Ofcourse,thatleavesopenthequestionofwhethermorefinancialinstitutionsshouldbebroughtintocourtmoreoften.

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |96

Thatis,shouldwebeseekingevenmoreseverepenaltiesthatarelesslikelytoresultin consentordersandmorelikelytolead to actionsbeforeanadministrativelawjudge?

Or,shouldmoreactionsbetakenbytheDepartmentofJusticebasedonreferralsfromanyofthebankregulatoryagenciesorthedepartment'sowninvestigativework?

Iwouldsimplysaythat,whilesuchdecisionsshouldneverbemadelightly,nooneshouldshrinkfromsuchactionwhennecessary.

Banksplayavitalrolein theeconomicwell-beingoffamiliesandcommunitiesbothhereandabroad,andtheyareessentialtothehealthofournationaleconomy.Butasimportantastheyare,theyshouldnotbeconsideredimmunefromprosecutionwhencircumstanceswarrant.

Noinstitutionshouldbeviewedas toobigtoprosecute.Norshouldindividualemployeesbeconsideredimmune.

TheOCChasampleauthority totake actionagainstculpableindividualsandalonghistoryofdoingso,includingremovalandprohibitionactionsandcivilmoneypenalties.

In virtuallyeverycasewherewetake anactionagainstaninstitution,wealsoconductaparallelreviewforpossibleactionsagainstresponsibleindividuals,andwetakesuch actionswheretheyarewarrantedandlegallysupportable.

Ibelieve theOCChasanexcellentenforcementprogramthatbalancestheseconsiderations,andithasserveduswellinmeetingoursupervisoryobjectives,byensuringthesafetyandsoundnessofour institutions,andensuringthatindividualsharmedbydeficientorabusivepracticesreceivecompensation.

Westandready to workwithyouand otherfederalandstateregulatory andlawenforcementagenciestohelpmeetourcommongoals.

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |97

Thankyou.Ilookforward to yourquestions.

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |98

NISTSolicitsViews, IdeasfromStakeholdersforCybersecurityFrameworkforCriticalInfrastructure

TheNationalInstituteofStandardsandTechnology(NIST)issuedaRequestforInformation(RFI)intheFederalRegisterasitsfirststepintheprocesstodevelopaCybersecurityFramework,asetofvoluntarystandardsandbestpracticestoguideindustryinreducingcyberriskstothenetworksandcomputersthatsupportcriticalinfrastructurevitaltothenation'seconomy,securityanddailylife.

Stakeholdermeetingsarealsoapartoftheframeworkprocess,andthefirstsuchmeetingwillbeheldApril3,2013,attheNISTheadquartersinGaithersburg,Md.

PresidentObamacalledfortheframeworktoreducecyberriskstocriticalinfrastructuresuchaspowerplantsandfinancial,transportationandcommunicationssystems,inhisFebruary12,2013,ExecutiveOrderon"ImprovingCriticalInfrastructureCybersecurity"

NISTrequestsideas,recommendationsandother inputfromcriticalinfrastructureownersandoperators,federalagencies,stateandlocalgovernments,standards-settingorganizations,and otherinterestedpartiesaboutcurrentriskmanagementpractices;useofframeworks,standards,guidelinesandbestpractices;specific industrypracticesandmore.

Specificquestionsare includedintheRFI.

Formoreoninformation abouttheframeworkandtheprocessNISTwillusetodeveloptheframeworkwithinayear,seetheFebruary13,2013,announcementontheDepartmentofCommerceWebpageortheNISTCybersecurityFrameworkWebpageat:www.nist.gov/itl/cyberframework.cfm

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |99

TheRFIonthenewCybersecurityFrameworkisavailableathttps://www.federalregister.gov/articles/2013/02/26/2013-04413/developing-a-framework-to-improve-critical-infrastructure-cybersecurity

Commentsaredueby5p.m.ET,Monday,April8,2013,andshouldbesentto [email protected]:"DevelopingaFrameworktoImproveCriticalInfrastructureCybersecurity."

RegistrationinformationfortheApril3publicworkshopisavailableat

www.nist.gov/itl/csd/cybersecurity-framework-workshop.cfm

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |100

ExecutiveOrder

ImprovingCriticalInfrastructureCybersecurity

BytheauthorityvestedinmeasPresidentbytheConstitutionandthelawsoftheUnitedStates

ofAmerica,itisherebyorderedasfollows:

Section1.Policy

Repeatedcyberintrusionsintocriticalinfrastructuredemonstrate theneedforimprovedcybersecurity.

Thecyberthreattocriticalinfrastructurecontinues to growandrepresentsoneofthemostseriousnationalsecuritychallengeswemustconfront.

ThenationalandeconomicsecurityoftheUnitedStatesdependsonthereliablefunctioningoftheNation'scriticalinfrastructureinthefaceofsuchthreats.

Itisthepolicy oftheUnitedStatestoenhancethesecurityandresilienceoftheNation'scriticalinfrastructureandto maintainacyberenvironmentthatencouragesefficiency,innovation,andeconomicprosperitywhilepromotingsafety,security,businessconfidentiality,privacy,andcivilliberties.

We can achievethesegoalsthroughapartnershipwiththeownersandoperatorsofcriticalinfrastructuretoimprovecybersecurityinformationsharingandcollaborativelydevelopandimplementrisk-basedstandards.

Sec.2.CriticalInfrastructure

Asusedinthisorder,the termcritical infrastructuremeanssystemsandassets,whetherphysicalorvirtual,sovitalto theUnitedStatesthattheincapacityordestructionofsuchsystemsandassetswouldhavea

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |101

debilitatingimpactonsecurity,nationaleconomicsecurity,nationalpublichealthorsafety,oranycombinationofthosematters.

Sec.3.PolicyCoordination

Policycoordination,guidance,disputeresolution,andperiodic

in-progressreviewsforthefunctionsandprogramsdescribedandassignedhereinshallbeprovidedthroughtheinteragencyprocessestablishedin PresidentialPolicyDirective-1ofFebruary13,2009(OrganizationoftheNationalSecurityCouncilSystem),oranysuccessor.

Sec.4.CybersecurityInformationSharing

(a)Itisthepolicy oftheUnitedStatesGovernmenttoincreasethevolume,timeliness,andqualityofcyberthreatinformationsharedwith

U.S.privatesectorentitiessothattheseentitiesmaybetterprotectand

defendthemselvesagainstcyberthreats.

Within120daysofthedateofthisorder,theAttorneyGeneral,theSecretaryofHomelandSecurity(the"Secretary"),andtheDirectorofNationalIntelligenceshalleachissueinstructionsconsistentwiththeirauthoritiesandwiththerequirementsofsection12(c)ofthisorder toensurethetimelyproductionofunclassifiedreportsofcyberthreatstothe

U.S.homelandthatidentifyaspecific targetedentity.

Theinstructionsshalladdresstheneedtoprotectintelligenceandlawenforcementsources,methods,operations,andinvestigations.

(b)TheSecretaryandtheAttorneyGeneral, in coordinationwiththeDirectorofNationalIntelligence,shallestablishaprocessthatrapidlydisseminatesthereportsproducedpursuanttosection4(a)ofthisordertothetargetedentity.Suchprocessshallalso,consistentwiththeneed toprotectnationalsecurityinformation, includethedisseminationofclassifiedreportstocriticalinfrastructureentitiesauthorizedto receivethem.

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |102

TheSecretaryandtheAttorneyGeneral,incoordinationwiththeDirectorofNationalIntelligence,shallestablishasystemfortrackingtheproduction,dissemination,anddispositionofthesereports.

Toassisttheownersandoperatorsofcritical infrastructure inprotectingtheirsystemsfromunauthorizedaccess,exploitation,orharm,theSecretary,consistentwith6U.S.C.143andincollaborationwiththeSecretaryofDefense,shall,within120daysofthedateofthisorder,establishproceduresto expandtheEnhancedCybersecurityServicesprogram to allcriticalinfrastructuresectors.

ThisvoluntaryinformationsharingprogramwillprovideclassifiedcyberthreatandtechnicalinformationfromtheGovernmenttoeligiblecriticalinfrastructurecompaniesorcommercialserviceprovidersthatoffersecurityservicestocriticalinfrastructure.

TheSecretary,astheExecutiveAgentfortheClassifiedNationalSecurityInformationProgramcreatedunderExecutiveOrder13549ofAugust18,2010(ClassifiedNational SecurityInformationProgramforState,Local,Tribal,andPrivateSectorEntities),shallexpeditetheprocessingofsecurityclearancestoappropriatepersonnelemployedby criticalinfrastructure ownersandoperators,prioritizingthecriticalinfrastructureidentifiedinsection9ofthisorder.

In ordertomaximizetheutilityofcyberthreatinformationsharingwiththeprivatesector,theSecretaryshallexpandtheuseofprogramsthatbringprivatesectorsubject-matterexpertsintoFederalserviceonatemporarybasis.

Thesesubjectmatterexpertsshouldprovideadviceregardingthecontent,structure,andtypesof informationmostusefulto criticalinfrastructureownersandoperatorsinreducingandmitigatingcyberrisks.

Sec.5.PrivacyandCivilLibertiesProtections

(a)Agenciesshallcoordinatetheiractivitiesunderthisorderwiththeirsenioragencyofficialsforprivacyandcivillibertiesandensurethat

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |103

privacyandcivillibertiesprotectionsareincorporatedintosuchactivities.SuchprotectionsshallbebasedupontheFairInformationPracticePrinciplesandotherprivacyandcivillibertiespolicies,principles,andframeworksastheyapplytoeachagency'sactivities.

TheChiefPrivacyOfficerandtheOfficerforCivilRightsandCivilLibertiesoftheDepartmentofHomelandSecurity(DHS)shallassesstheprivacyandcivillibertiesrisksofthefunctionsandprogramsundertakenbyDHSascalledforin thisorderandshallrecommendtotheSecretarywaystominimizeormitigatesuchrisks,inapubliclyavailablereport,tobereleasedwithin1yearofthedateofthisorder.

Senioragencyprivacyandcivillibertiesofficialsforotheragenciesengagedin activitiesunderthisordershallconductassessmentsoftheiragencyactivitiesandprovidethoseassessmentstoDHSforconsiderationandinclusioninthereport.

Thereportshallbereviewedonanannualbasisandrevisedasnecessary.

Thereportmaycontainaclassifiedannexifnecessary.AssessmentsshallincludeevaluationofactivitiesagainsttheFairInformationPracticePrinciplesandotherapplicableprivacyandcivillibertiespolicies,principles,andframeworks.

Agenciesshallconsidertheassessmentsandrecommendationsofthereportinimplementingprivacyandcivillibertiesprotectionsforagencyactivities.

In producingthereportrequiredundersubsection(b)ofthissection,theChief PrivacyOfficerandtheOfficerforCivilRightsandCivilLibertiesofDHSshallconsultwiththePrivacyandCivilLibertiesOversightBoardandcoordinatewiththeOfficeofManagementandBudget(OMB).

Informationsubmittedvoluntarilyinaccordancewith6U.S.C.133byprivateentitiesunderthisordershallbeprotectedfromdisclosuretothefullestextentpermittedbylaw.

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |104

Sec.6.ConsultativeProcess

TheSecretaryshallestablishaconsultativeprocess to coordinateimprovementstothecybersecurityofcritical infrastructure.

Aspartoftheconsultativeprocess,theSecretaryshallengageandconsidertheadvice,onmatterssetforthinthisorder,oftheCriticalInfrastructurePartnershipAdvisoryCouncil;SectorCoordinatingCouncils;criticalinfrastructureownersandoperators;Sector-Specific Agencies;otherrelevantagencies;independentregulatoryagencies;State,local,territorial,andtribalgovernments;universities;andoutsideexperts.

Sec.7. BaselineFrameworktoReduceCyberRisktoCriticalInfrastructure

(a)TheSecretaryofCommerceshalldirecttheDirectoroftheNationalInstituteofStandardsandTechnology(the"Director")toleadthedevelopmentofaframeworktoreducecyberriskstocriticalinfrastructure(the"CybersecurityFramework").

TheCybersecurityFrameworkshallincludeasetofstandards,methodologies,procedures,andprocessesthatalignpolicy,business,andtechnologicalapproachestoaddresscyberrisks.

TheCybersecurityFrameworkshallincorporatevoluntaryconsensusstandardsandindustrybestpracticestothefullestextentpossible.

TheCybersecurityFrameworkshallbeconsistentwithvoluntaryinternationalstandardswhensuchinternationalstandardswilladvancetheobjectivesofthisorder,andshallmeettherequirementsofthe NationalInstituteofStandardsandTechnologyAct,asamended(15

U.S.C.271etseq.),theNationalTechnologyTransferandAdvancementActof1995(PublicLaw104-113),andOMBCircularA-119,asrevised.

(b)TheCybersecurityFrameworkshallprovideaprioritized,flexible,repeatable,performance-based,andcost-effectiveapproach,including

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |105

informationsecuritymeasuresandcontrols,tohelpownersandoperatorsofcriticalinfrastructure identify,assess,andmanagecyberrisk.

TheCybersecurityFrameworkshallfocusonidentifyingcross-sectorsecuritystandardsandguidelinesapplicable to criticalinfrastructure.

TheCybersecurityFrameworkwillalsoidentifyareasforimprovement thatshouldbeaddressedthroughfuturecollaborationwithparticularsectorsandstandards-developingorganizations.

To enabletechnical innovationandaccountfororganizationaldifferences,theCybersecurityFrameworkwillprovideguidancethatistechnologyneutralandthatenablescriticalinfrastructuresectorstobenefitfromacompetitivemarketforproductsandservicesthatmeetthestandards,methodologies,procedures,andprocessesdevelopedtoaddresscyberrisks.

TheCybersecurityFrameworkshallincludeguidanceformeasuringtheperformanceofanentityinimplementingtheCybersecurityFramework.

TheCybersecurityFrameworkshallincludemethodologiestoidentifyandmitigateimpactsoftheCybersecurityFrameworkandassociatedinformationsecuritymeasuresorcontrolsonbusinessconfidentiality,andtoprotectindividualprivacyandcivilliberties.

IndevelopingtheCybersecurityFramework,theDirectorshallengagein anopenpublicreviewandcommentprocess.

TheDirectorshallalsoconsultwiththeSecretary,theNational SecurityAgency,Sector-SpecificAgenciesandotherinterestedagenciesincludingOMB,ownersandoperatorsofcriticalinfrastructure,andotherstakeholdersthroughtheconsultativeprocessestablishedinsection6ofthisorder.

TheSecretary,theDirectorofNationalIntelligence,andtheheadsofotherrelevantagenciesshallprovidethreatandvulnerabilityinformationandtechnicalexpertiseto informthedevelopmentoftheCybersecurityFramework.

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |106

TheSecretaryshallprovideperformancegoalsfortheCybersecurityFrameworkinformedbyworkundersection9ofthisorder.

Within240daysofthedateofthisorder,theDirectorshallpublishapreliminaryversionoftheCybersecurityFramework(the"preliminaryFramework").

Within1yearofthedateofthisorder,andaftercoordinationwiththeSecretarytoensuresuitabilityundersection8ofthisorder,theDirectorshallpublishafinalversionoftheCybersecurityFramework(the"finalFramework").

Consistentwithstatutoryresponsibilities,theDirectorwillensuretheCybersecurityFrameworkandrelatedguidanceisreviewedandupdatedasnecessary,takingintoconsiderationtechnologicalchanges,changesincyberrisks,operationalfeedbackfromownersandoperatorsofcriticalinfrastructure,experiencefromtheimplementationofsection8ofthisorder,andanyotherrelevantfactors.

Sec.8.VoluntaryCriticalInfrastructureCybersecurityProgram

TheSecretary,incoordinationwithSector-SpecificAgencies,shallestablishavoluntaryprogram to supporttheadoptionoftheCybersecurityFrameworkby ownersandoperatorsofcriticalinfrastructureandany otherinterestedentities(the"Program").

Sector-SpecificAgencies, in consultationwiththeSecretaryandotherinterestedagencies,shallcoordinatewiththeSectorCoordinatingCouncils to reviewtheCybersecurityFrameworkand,ifnecessary,developimplementationguidanceorsupplementalmaterialstoaddresssector-specificrisksandoperatingenvironments.

Sector-SpecificAgenciesshallreportannually to thePresident,throughtheSecretary,ontheextenttowhich ownersandoperatorsnotifiedundersection9ofthisorderareparticipating in theProgram.

TheSecretaryshallcoordinateestablishmentofasetofincentivesdesigned topromoteparticipationintheProgram.Within120daysofthe

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |107

dateofthisorder,theSecretaryandtheSecretariesoftheTreasuryandCommerceeachshallmakerecommendationsseparately tothePresident,throughtheAssistanttothePresidentforHomelandSecurityandCounterterrorismandtheAssistanttothePresidentforEconomicAffairs,thatshallincludeanalysisofthebenefitsandrelativeeffectivenessofsuchincentives,andwhethertheincentiveswouldrequirelegislationorcan beprovidedunderexistinglawandauthorities toparticipantsintheProgram.

(e)Within120daysofthedateofthisorder,theSecretaryofDefenseandtheAdministratorofGeneralServices,inconsultationwiththeSecretaryandtheFederalAcquisitionRegulatoryCouncil,shallmake recommendationstothePresident,throughtheAssistanttothePresidentforHomelandSecurityandCounterterrorismandtheAssistanttothePresidentforEconomicAffairs,onthefeasibility,securitybenefits,andrelativemeritsofincorporatingsecuritystandardsinto acquisition planningandcontractadministration.

Thereportshalladdresswhatsteps canbetakentoharmonizeandmakeconsistentexistingprocurementrequirementsrelatedtocybersecurity.

Sec.9.IdentificationofCriticalInfrastructureatGreatestRisk

(a)Within150daysofthedateofthisorder,theSecretaryshallusearisk-basedapproachto identifycriticalinfrastructurewherea

cybersecurityincidentcouldreasonablyresultin catastrophicregionalornationaleffectsonpublichealthorsafety,economicsecurity,ornational

security.

Inidentifyingcriticalinfrastructureforthispurpose,theSecretaryshallusetheconsultativeprocessestablishedinsection6ofthisorderand drawupontheexpertiseofSector-SpecificAgencies.

TheSecretaryshallapplyconsistent,objectivecriteriainidentifyingsuchcriticalinfrastructure.

TheSecretaryshall notidentifyanycommercialinformationtechnologyproductsorconsumerinformationtechnologyservicesunderthissection.

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |108

TheSecretaryshallreviewandupdatethelistofidentifiedcriticalinfrastructureunderthissectiononanannualbasis,andprovidesuchlist tothePresident,throughtheAssistanttothePresidentforHomelandSecurityandCounterterrorismandtheAssistant tothePresidentforEconomicAffairs.

HeadsofSector-Specific Agenciesand otherrelevantagenciesshallprovidetheSecretarywithinformationnecessaryto carryouttheresponsibilitiesunderthissection.

TheSecretaryshalldevelopaprocessforotherrelevantstakeholders tosubmitinformationtoassistinmakingtheidentificationsrequiredinsubsection(a)ofthissection.

TheSecretary,incoordinationwithSector-SpecificAgencies,shallconfidentiallynotifyownersandoperatorsofcriticalinfrastructureidentifiedundersubsection(a)ofthissectionthattheyhavebeensoidentified,andensureidentifiedownersandoperatorsareprovidedthebasisforthedetermination.

TheSecretaryshallestablishaprocessthroughwhich ownersandoperatorsofcriticalinfrastructuremaysubmitrelevantinformationandrequestreconsiderationofidentificationsundersubsection(a)ofthissection.

Sec.10.AdoptionofFramework

(a)Agencieswithresponsibilityforregulatingthesecurityofcriticalinfrastructureshallengagein aconsultativeprocesswithDHS, OMB,andtheNationalSecurityStafftoreviewthepreliminaryCybersecurityFrameworkanddetermineifcurrentcybersecurityregulatoryrequirementsaresufficientgivencurrentandprojectedrisks.

In makingsuchdetermination,theseagenciesshallconsidertheidentificationofcriticalinfrastructurerequiredundersection9ofthisorder.

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |109

Within90daysofthepublicationofthepreliminaryFramework,theseagenciesshallsubmitareport tothePresident,throughtheAssistanttothePresidentforHomelandSecurityandCounterterrorism,theDirectorofOMB,andtheAssistant to thePresidentforEconomicAffairs,thatstateswhetherornottheagencyhas clearauthority to establishrequirementsbasedupontheCybersecurityFrameworktosufficientlyaddresscurrentandprojectedcyberrisksto criticalinfrastructure,theexistingauthoritiesidentified,andanyadditionalauthorityrequired.

Ifcurrentregulatoryrequirementsaredeemedtobeinsufficient,within90daysofpublicationofthefinalFramework,agenciesidentified insubsection(a)ofthissectionshallproposeprioritized,risk-based,efficient,andcoordinated actions,consistentwithExecutiveOrder12866ofSeptember30,1993(RegulatoryPlanningandReview),ExecutiveOrder13563ofJanuary18,2011(ImprovingRegulationandRegulatoryReview),andExecutiveOrder13609ofMay1,2012(PromotingInternationalRegulatoryCooperation),tomitigatecyberrisk.

Within2yearsafterpublicationofthefinalFramework,consistentwithExecutiveOrder13563andExecutiveOrder13610ofMay10,2012(IdentifyingandReducingRegulatoryBurdens),agenciesidentifiedinsubsection(a)ofthissectionshall, in consultationwith ownersandoperatorsofcriticalinfrastructure,reportto OMBonanycriticalinfrastructuresubject to ineffective,conflicting,orexcessivelyburdensomecybersecurityrequirements.

Thisreportshalldescribeeffortsmadebyagencies,andmakerecommendationsforfurtheractions,tominimizeoreliminatesuchrequirements.

TheSecretaryshallcoordinatetheprovisionoftechnicalassistancetoagenciesidentifiedinsubsection(a)ofthissectiononthedevelopmentoftheircybersecurityworkforceandprograms.

IndependentregulatoryagencieswithresponsibilityforregulatingthesecurityofcriticalinfrastructureareencouragedtoengageinaconsultativeprocesswiththeSecretary,relevantSector-SpecificAgencies,

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |110

andotheraffectedpartiestoconsiderprioritizedactionstomitigatecyberrisksforcriticalinfrastructureconsistentwiththeirauthorities.

Sec.11.Definitions

"Agency"meansanyauthorityoftheUnitedStatesthatisan"agency"under44U.S.C.3502(1),otherthanthoseconsidered tobeindependentregulatoryagencies,asdefinedin44U.S.C.3502(5).

"CriticalInfrastructurePartnershipAdvisoryCouncil"meansthecouncilestablishedbyDHSunder6U.S.C.451tofacilitateeffectiveinteractionandcoordinationofcriticalinfrastructureprotectionactivitiesamongtheFederalGovernment;theprivatesector;andState,local,territorial,andtribalgovernments.

"FairInformationPracticePrinciples"meanstheeightprinciplessetforthinAppendixAoftheNationalStrategyforTrustedIdentitiesinCyberspace.

"Independentregulatoryagency"has themeaninggiventhetermin44U.S.C.3502(5).

"SectorCoordinatingCouncil"meansaprivatesectorcoordinatingcouncilcomposedofrepresentativesofownersandoperatorswithinaparticularsectorofcriticalinfrastructureestablishedbytheNationalInfrastructureProtectionPlanoranysuccessor.

"Sector-SpecificAgency"hasthemeaninggiventhe terminPresidentialPolicyDirective-21ofFebruary12,2013(CriticalInfrastructureSecurityandResilience),oranysuccessor.

Sec.12.GeneralProvisions

(a)Thisordershallbeimplementedconsistentwithapplicablelawandsubjecttotheavailabilityofappropriations.

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |111

Nothing in thisordershallbeconstruedtoprovideanagencywithauthorityforregulatingthesecurityofcriticalinfrastructureinadditiontoortoagreaterextentthantheauthoritytheagencyhasunderexistinglaw.

Nothing in thisordershallbeconstruedtoalterorlimitanyauthorityorresponsibilityofanagencyunderexistinglaw.

Nothinginthisordershallbeconstruedtoimpairorotherwiseaffect thefunctionsoftheDirectorofOMBrelatingtobudgetary,administrative,orlegislativeproposals.

Allactionstakenpursuanttothisordershallbeconsistentwithrequirementsandauthorities toprotectintelligenceandlawenforcementsourcesandmethods.

Nothing in thisordershallbeinterpretedto supersedemeasuresestablishedunderauthorityoflaw toprotectthesecurityandintegrityofspecificactivitiesandassociationsthatare indirectsupportofintelligenceandlawenforcementoperations.

ThisordershallbeimplementedconsistentwithU.S.internationalobligations.

Thisorderisnotintendedto,anddoesnot,createanyrightorbenefit,substantiveorprocedural,enforceableatlaworinequitybyanypartyagainsttheUnitedStates,itsdepartments,agencies,orentities,itsofficers,employees,oragents,orany otherperson.

BARACKOBAMA

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |112

CRDIV

FSArefreshedstatementregardingCRDIVimplementation

TheoriginalproposeddeadlineforentryintoforceofthedraftEuropeanUnionlegislationtoupdatetheframeworkforcapitalrequirements,knownasCRDIV,hasnowpassed.

NegotiationsbetweentheEuropean Parliament,European CommissionandCouncilofMinisterstofinalisethelegislationarestillunderway.

TheFSAcontinuestotakeallactionit can toprepareforimplementation ofCRDIVandcontinues to expectfirmstodothesame.

Taking intoaccountthefurtherslippagesinthenegotiationtimetable,theFSAnowexpects to beabletobegincollectingdataunder CommonReportingfortheperiodbeginning1January2014,shouldthelegislation haveenteredintoforcebythisdate.

TheEuropeanCommission’sproposalsforCRDIV,consistingofaRegulationandaDirective,hadanimplementationdateof1January2013,inlinewiththeimplementationdateoftheBaselIIIagreement.

Due tothecontinuednegotiationsbetweentheEuropeanCommission,ParliamentandCouncil,thisproposedimplementationdatehasnowpassed.

NoalternativedatehasyetbeencommunicatedbytheEUinstitutions.

TheFSAwillcontinue toundertakeallpreparatoryworkthatispossibleintheabsenceoffinalisedlegislative text.

WeexpectallfirmsinscopeofCRDtodolikewise.

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |113

Wesetoutourintendedapproach to capitaltransitioninastatementinOctober2012.

Oncefinalisedlegislative textisavailableattheEUleveltheFSAintendstopubliclyconsulton changestoFSArules.

Theprovisionsofthe Regulationwilldirectlyapplytofirms.

TheintroductionofCommonReporting,whichisincorporatedintotherequirementsinCRDIV,isdependentondeliveryofthenecessary technicalsystemsandonimplementingtechnicalstandardstobedrafted bytheEuropeanBankingAuthorityandadoptedbytheEuropeanCommission.

TheFSAisproceedingwiththenecessarypreparatoryworktobereadytobegincollectingdataunderCommonReportingfortheperiodbeginning1January2014,shouldthelegislationandrelatedstandardsbein forceby thisdate.

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |114

Disclaimer

TheAssociationtries toenhancepublic access toinformationaboutrisk andcompliancemanagement.

Ourgoalis tokeepthisinformationtimelyandaccurate.Iferrorsarebroughttoourattention, we willtry tocorrectthem.

Thisinformation:

-

isofageneralnatureonlyandisnotintendedtoaddress thespecific

circumstancesofanyparticularindividualorentity;

-

shouldnotbereliedonintheparticularcontextofenforcementorsimilar

regulatory action;

-

isnotnecessarilycomprehensive,complete,oruptodate;

-

issometimeslinkedtoexternalsitesoverwhich theAssociationhasnocontrol

andfor whichtheAssociationassumesnoresponsibility;

-

isnotprofessionalorlegaladvice(ifyouneedspecificadvice,youshould

alwaysconsultasuitablyqualifiedprofessional);

-

isinnowayconstitutiveofaninterpretativedocument;

-doesnotprejudgethepositionthattherelevantauthoritiesmightdecide totakeonthesame mattersifdevelopments, includingCourtrulings,were toleadittorevisesomeoftheviewsexpressedhere;

-

doesnotprejudgetheinterpretationthattheCourtsmightplaceonthematters

atissue.

Pleasenotethatit cannotbeguaranteedthattheseinformationanddocumentsexactlyreproduceofficiallyadoptedtexts.

Itisourgoaltominimizedisruptioncausedbytechnicalerrors.

Howeversomedataorinformationmayhavebeencreatedorstructuredinfilesorformatsthatarenoterror-freeand we cannotguaranteethatourservicewillnotbeinterruptedorotherwiseaffectedbysuchproblems.

TheAssociationacceptsnoresponsibilitywithregardtosuchproblemsincurredas aresultofusingthissiteoranylinkedexternalsites.

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |115

CertifiedRiskandComplianceManagementProfessional (CRCMP)distancelearningandonlinecertificationprogram.

CompanieslikeIBM, Accentureetc.consider the CRCMPapreferredcertificate.Youmayfindmoreifyousearch(CRCMPpreferred certificate) usinganysearchengine.

Theall-inclusivecostis $297.Whatisincludedintheprice:

Theofficialpresentationsweuse

inourinstructor-ledclasses(3285slides)

The2309slidesareneeded for theexam,asallthequestionsare basedon theseslides.Theremaining976slidesareforreference.

Youcanfindthecoursesynopsisat:

www.risk-compliance-association.com/Certified_Risk_Compliance_Training.htm

Upto3OnlineExams

Youhaveto passoneexam.

Ifyoufail, youmuststudytheofficial

presentationsandtryagain,but youdonotneedto spend money.Upto 3examsareincludedintheprice.

To learnmoreyoumayvisit:

www.risk-compliance-association.com/Questions_About_The_Certification_And_The_Exams_1.pdf

www.risk-compliance-association.com/CRCMP_Certification_Steps_1.pdf

PersonalizedCertificateprintedinfullcolor

Processing,printing,packingandpostingto yourofficeorhome.

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


P a g e 1 inter n atio na l a s s oci a t ion of r isk a nd co mpl i a n c e pr o f e s s io na l s i a rcp

P age |116

D.TheDoddFrankActandthenewRiskManagementStandards(976slides,includedinthe3285slides)

TheUSDodd-Frank WallStreet Reform andConsumerProtectionAct isthe mostsignificant pieceoflegislation concerning thefinancialservicesindustryinabout80years.

What doesitmeanforriskandcompliancemanagementprofessionals?Itmeansnewchallenges,newjobs,newcareers,andnewopportunities.

Thebillestablishesnewrisk managementandcorporategovernance principles,setsupanearlywarning

systemto protect theeconomyfrom futurethreats,andbringsmore

transparencyandaccountability.

ItalsoamendsimportantsectionsoftheSarbanesOxley Act.Forexample,itsignificantlyexpandswhistleblowerprotectionsunder the SarbanesOxleyActandcreatesadditionalanti-retaliationrequirements.

Youwill findmoreinformation at:

www.risk-compliance-association.com/Distance_Learning_and_Certification.htm

InternationalAssociationofRiskandComplianceProfessionals(IARCP)www.risk-compliance-association.com


  • Login