Risk Advisory Services
Specialized Consulting for Financial Institutions
The roots of the Snodgrass Risk Advisory Group go back more than 30 years. Over the years, our service offerings have continuously evolved, keeping our clients on pace with regulatory shifts and changes, no matter how large or small. However, one thing has never changed—our constant commitment to working closely with every client to develop a truly customized Risk Management approach, tailored to their specific needs and situation.
The Snodgrass Risk Advisory Group provides a comprehensive Risk Management methodology that engages multiple experts from our experienced team. Our proprietary process links to strategy, business opportunities, and virtually all business decisions—ensuring optimum productivity while minimizing risk.
A Complete Portfolio of Consulting Services
Snodgrass Risk Advisory Group professionals have advised hundreds of financial institutions, from de novo community bank start-ups to multibillion dollar banks and bank holding companies, including those with diversified non-bank subsidiaries.
Internal Audit Outsourcing and Co-sourcing
Our internal audits are conducted with due professional care in accordance with the Committee of Sponsoring Organizations of the Treadway Commission (COSO) framework and the standards of the Institute of Internal Auditors and the Federal Financial Institutions Examination Council. Every audit is designed to ensure that all internal checks and controls provide adequate safeguards for our clients’ general operating efficiency and comply with all policies, laws, regulations, and generally accepted accounting principles.
Regulatory Compliance Consulting and Monitoring
Compliance Monitoring is a core component of an effective Compliance Management System (CMS). Many institutions struggle to implement compliance monitoring practices that support the overall compliance program, relying instead on other components, such as training and internal control.
Our regulatory compliance approach is customized to meet the unique risk and circumstances of each financial institution. Whether it is a specific targeted review, a full compliance audit, or entity level risk assessment, our risk-based approach ensures appropriate coverage of significant areas and assists management in developing a scalable audit plan and determining the appropriate frequency and scope.
Bank Secrecy Act/Anti-Money Laundering Model Validations
Bank Secrecy Act (BSA) Model Validations are a critical part of Model Risk Management. We were an early entrant in this area, beginning to provide BSA/Anti-Money Laundering (AML) model validation services in 2011 in response to industry demand. The primary objective of the model validation service is to appropriately address the Federal Deposit Insurance Corporation’s (FDIC) conceptual framework for model governance and model validation, which follows the Office of the Comptroller of the Currency’s Supervisory Guidance on Model Risk Management, considered the primary source for formal regulatory guidance on model governance.
This guidance describes the elements of a sound program to effectively manage model risk and is the most comprehensive regulatory issuance on this subject. On June 7, 2017, the FDIC released Financial Institution Letter 22-2017, adopting the Supervisory Guidance on Model Risk Management. In performing the requested model validation services, Snodgrass will follow this regulatory guidance.
In addressing the guidance, we will apply a ten-step approach, as follows:
- Step 1: Determine the Role of the Model
- Step 2: Understand the Institution’s BSA/AML Risks
- Step 3: Understand the Capabilities and Limitations of the Model
- Step 4: Evaluate the Processing Component of the Model
- Step 5: Understand the Data Sources
- Step 6: Verify Model Setup/Attributes
- Step 7: Evaluate Data Integrity and Controls
- Step 8: Verify the Data
- Step 9: Evaluate Filtering Criteria and Thresholds
- Step 10: Evaluate Model Outcomes and Reports
After executing the ten steps noted above, we conclude on the three primary components of the model:
- The information input component: how data is delivered to the model
- The processing component: transformation of data for monitoring
- The model outcomes component: translation of data into reports, alerts, and useful information
Outsourcing Services
In addition to our traditional compliance audit outsourcing, the Snodgrass Risk Advisory Group also provides a highly cost-effective solution to the outsourcing of every financial institution’s monitoring. We provide an increased frequency of review (typically quarterly or semi-annually) of key compliance functions, with an emphasis on transaction and control testing. This incorporates an overview of critical functions with a comprehensive Risk Analysis to determine frequency of review, with results reported to the Board of Directors.
We also provide a detailed update of high-priority changes within the banking environment, compliance advisory services, as well as an ongoing review of compliance documentation, noting changes to disclosures and advertisements. As part of our Risk Advisory services, we make ourselves available to consult with every client’s compliance team or management as needed and respond to routine questions within 24 hours.
Our ongoing monitoring function is designed to ensure reduced frequency and severity of related audit and regulatory criticism. Our Risk Advisory Team continually consults on compliance issues, including frequent reviews designed to detect procedural or system issues before they impact customers, while advising management on industry changes as they develop.
Home Mortgage Disclosure Act (HMDA) Data Integrity Reviews
The HMDA regulation has detailed requirements regarding the types of loan applications that are reportable and the data elements that need to be collected and ultimately reported for each loan application. We perform a detailed data integrity review of all information compiled on the Loan Application Register (LAR) provided by management for a selected period. Some of our procedures include verifying each piece of information recorded on the HMDA LAR for accuracy for each loan application listed, including the geocoding of the property location and the loan purpose.
Trust Department Audits
Our audit procedures are conducted by specialized, experienced internal auditors, including a Certified Fiduciary and Investment Risk Specialist. Our audit for the Company’s Trust Department will meet the regulatory requirements of Section 1407 Trust Activities, which will be tailored based on the risk assessment of your trust area. We also follow up on the most recent regulatory examination and prior internal audit comments for the status and appropriateness of any corrective actions taken.
The scope of our internal audit includes the following requirements, though some areas will be audited every other year, depending on the risk inherent within that area:
- Verification and existence of trust assets
- Detailed review and testing of trust operations
- Conducting administrative reviews on a sample of trust accounts, based on risks inherent within each type of account
Enterprise Risk Management
The Snodgrass Risk Advisory Group collaborates with every client, developing and implementing a comprehensive enterprise risk management program, ultimately creating a truly customized approach to building an effective ERM process. Our proprietary Enterprise Risk Management (ERM) Framework was developed in 2009, as bank regulators began to propose the COSO-based approach to the financial services industry. Regulators have described our ERM Framework as “best practices” to many of our clients.
Our approach begins with identifying the desired reward of each financial institution. This can be based on the current strategic plan, or we will work with our client to help develop a new plan. We then oversee the development of a comprehensive “Risk Appetite Statement” linked to the institution’s strategic objectives. We prepare Risk Area Reports on those risk area assessments for presentation to the Board of Directors, which include a summary of the risk and opportunity assessment results, a risk assessment dashboard, key risk indicators, and the recommended response to the identified risk position for each identified risk area. In addition, we provide training, ongoing coaching, and oversight to the Chief Risk Officer and other designated personnel to develop and implement the ERM program.
We assist in developing Key Risk Indicators (“KRIs”) and appropriate risk tolerance ranges linked to the achievement of each client’s specific strategic objectives, including:
- Fair Lending and CRA analysis
- Sarbanes-Oxley Act and Federal Deposit Insurance Corporation Improvement Act guidance, consultation, and implementation
- Process engineering
- Branch analysis and demographics
- Compliance with regulatory agreements
- Strategic planning