Association of International Bank Auditors

1. Association of International Bank Auditors • Anticipated Post-Election Changes in the Regulatory Environment Presentation by Professor John Alan James Executive Director Pace Global Center for Governance, Reporting and Regulation

2. Opinions are personal views and not those of Pace University or Lubin School of Business

3. Agenda • 1. Status of Legislative Process- • Mandates to rules, comments, Federal Register • 129 rules finalized, 137 additional rules to go 2. Key areas of remaining rules 3. Evaluation of impact to date on: Governance in financial institutions Increased emphasis & scope of risk management 4. Personal views on future regulatory actions and impact on risk management, compliance and internal audit

4. Impacts to date • 129 rules cover a dozen different areas • Implemented by seven major regulators • Assign powerful oversight to new FSOC • Financial Stability Oversight Council • Focus of FSOC (and FRB) to oversee ‘’systemically significant’’ organizations and their systemic risk • Discussion of the ‘’living will’’ provision • Relationships to both risk management and strategic planning

5. Impacts to Date • 127 rules into law in the Federal Register • Thousands of pages of suggested rule sent out for comments…60 days to implementation • Impact seven key regulatory agencies and dozens of non-financial institution areas (FHA, HUD, FMA) • Created major training needs for both banks and the regulators, themselves • Focused management attention on: • New and greater importance of compliance function • Shortage of qualified personnel for both compliance and internal audit functions

6. Areas Left to Cover137 Rules • Financial Stability Reform Resolution Planning • Agencies/Oversight Reform Securitization Reform • Derivatives Regulation Investor Protection Reform • Credit Rating Agency Reform Volker Rule • Capital Requirements FBO Regulation • Consumer Protection Reform Mortgage Origination • Specialized Corporate Disclosures • Compensation, Corporate Governance & Disclosure

7. Impacts • Governance in financial institutions: • New focus at Board and CEO levels on integration of risk management/strategic planning and compliance and internal audit/legal • Two types of corporate governance: • External-complying with the law • Internal- controlling board policies and procedures • Compliance/internal audit responsible for Both areas of governance

8. New organizational Demands • Boards and executive management need to re-focus role of risk management to include; • Key compliance risk management factors; • External- comply or pay huge fines, loss of licence • Internal- reputational and operational risks, people related risks require new approaches and controls • Boards must consider re-structuring the roles and integration of all risk related functions; including where compliance fits and reports

9. An Effective Risk Management Program • Includes clearly stated board policies and procedures • Organization-wide adoption of system for identifying risks, evaluating potential impact, estimating dollar and other impacts, and • Creation of a clear and concise Regulatory Strategy and Action Plans for dealing with each level of identified risk

10. Identifying Critical Risks Type of risk Source p. Rank Action Plan(s) 1 Organize/implement Solutions/assignments 4 Prepare strategy and tactics Materials needed • 1. Cease & desist OCC .6 • 2. Upcoming Exam FRB .8

11. Principles for EffectiveCompliance Risk Management* • 1. Clearly defined definition, used consistently throughout (top to bottom) organization • 2. Common risk framework with appropriate standards consistently applied • 3.Key roles, responsibilities, and authority clearly defined, effectively monitored/tested • 4.Comon risk infrastructure used to support BOTH business units and compliance functions

12. What does the future hold? • As a management consultant I rely on THREE SCENARIO approach; • Worst case- analyze and evaluate every possible negative ‘’WHAT IFs?’’ • Best case- what about all the positive ‘’What Ifs?’’ • Something in between • Nothing could really be that bad or good • Key Word—CONTINGENCY PLANNING • Know what could and should be done in every case

13. My ForecastUsing three scenario method • Worse case- Current ‘’anti-banking’’ attitudes continue from White House and Administration. • Pressure on Congress to finish action on: • Volker Rule, Living Will, Money Markets, • Trading in derivatives, Defining US ‘’person’’ • Pressure to complete remaining 137 rules • Expansion of risk management exams to include all strategic issues from ‘’living will’’

14. My Opinions • Best Case (you know this won’t happen!) • President Obama has FSOC hold sessions with Congressional and business leaders to: • Evaluate the impact of 129 rules, cost/benefit analyses, • Hold up on all further action pending results • President meets with leaders from US banks/FBOs to discuss how regulations, reporting and examinations can be made less stressful and convivial. Clarifies extra-territorial goals

15. What is most likely to happen? • I DO NOT HAVE A CLUE! • However, from my Air Force Training I do know that an ‘’incident’’ without a well thought through CONTINGENCY PLAN can easily lead to TRAGEDY. • Risk Management should not be viewed as a ‘’pain in the …., but as a tool to weather the inevitable ‘’storm’’

16. QUESTIONS? • My contacts: jjames@pace.edu • (203) 588-1668 • For info on CCRP program • www.pace.edu/lubin/ccrp • For more details on Principles of Risk Management • www.deloitte.com/riskintelligententerprise • THANKS FOR THE INVITATION AND YOUR ATTENTION