Not unexpectedly, following the financial crisis, internal audit departments of financial services companies find themselves subject to heightened scrutiny by regulators. They are expected to increase their coverage of key areas such as enterprise risk management and consumer compliance, and they are being taken to task when regulatory examinations disclose problems they did not surface. At the same time, internal audit departments are expected to play a significant role in monitoring the implementation of the Dodd-Frank Wall Street Reform and Consumer Protection Act in their organizations.
Challenges and Opportunities
Managing the degree of regulatory change that will result from the promulgation of an estimated 350 new rules called for under the Dodd-Frank Act will be a formidable challenge for the financial services industry.
Internal audit departments will play a key role in helping to ensure that new regulatory requirements are implemented appropriately and on time. This will require considerable coordination and interaction by the internal audit function with key players throughout the organization, as well as flexible internal audit project planning.
Our Point of View
Providing senior management and boards of directors with assurance that regulatory reforms are being implemented as required will be a priority for internal audit departments in the coming years.
Keys to discharging this responsibility effectively include:
- Understanding the requirements of the Dodd-Frank Act and their likely impact on your organization.
- Understanding the expectations of new and/or different regulators for the internal audit function and developing outreach to establish a relationship with new/different regulatory bodies.
- Determining whether your organization is prepared to analyze and implement new requirements. For many institutions, this will require a regulatory reform project management office (PMO), and a steering committee with executive sponsorship and representatives from across the company, including risk management, legal, compliance, human resources, technology, finance and accounting, tax, the business lines, and internal audit.
- Effectively tracking proposed regulations and planned effective dates, recognizing that there is likely to be slippage in projected timetables.
- Determining the impact of the implementation schedule on currently planned internal audit reviews and the need to reset priorities.
- Assessing whether existing internal audit capabilities will be adequate given new requirements and implementation issues. Consumer compliance and technology capabilities are among those likely to be stretched in coming years.
- Promptly notifying senior management and the board of directors if implementation deadlines are in jeopardy of not being met.
- Ensuring “everyday work” still gets done while implementation efforts are underway.
- Emphasize project management.
- Be diligent, but patient, in recognition that implementation will be protracted.
- Participate in evolving the risk management organization.
- Don’t lose sight of ongoing examination priorities.
- Consider the extent of technology change required.
- Focus on mortgage reform.
- Monitor credit rating agency changes.
- Review compliance with compensation requirements.
- Increase emphasis on fraud risk management.
- For small banks, don’t forget SOX.
Internal audit departments are the “eyes and ears” of senior management and the board of directors. While it is not the responsibility of internal audit to implement regulatory requirements, it is internal audit’s duty to keep senior management and the board apprised of the organization’s implementation efforts. Failure of an internal audit department to address the regulatory reform challenge proactively will expose an organization to noncompliance and potentially damaging competitive disadvantage, and will subject the internal audit function to regulatory criticism.
How We Help Companies Succeed
Protiviti’s U.S. Financial Services Team understands the inherent risks our clients face and the challenges they encounter in developing and maintaining effective internal audit programs, as well as the unprecedented challenges they will face in implementing so many regulatory changes in the coming years. With delivery capabilities across the country, we draw on our proven project management skills, our knowledge of the financial services industry, and our deep competencies in risk and compliance, technology, internal audit, finance, and business processes, to assist our clients in:
- Understanding the regulatory requirements and their impact on a company’s business
- Determining the impact on the internal audit function
- Developing or redesigning internal audit work programs
- Performing implementation audits and/or assisting internal audit departments in executing other planned audits
We were engaged by a regional financial institution to undertake a review of its compliance audit capabilities in light of new regulatory requirements. We reviewed the organization’s approach to performing a compliance risk assessment, its existing internal audit policies and procedures, and its current complement of compliance auditors, and made recommendations to the chief audit executive for enhancing the compliance audit program. On a short-term basis, we also provided specialty compliance audit resources to assist the organization in completing scheduled compliance audits.