CMS

Question 1

Outline the monitoring elements of the CMS.

Answer 1

• compliance testing

* remediation

Question 2

Once an exam finding root cause is determined, what is the next step?

Answer 2

determine the extent of the problem (scope)

Question 3

What is purpose of the Compliance Management System (CMS)?

Answer 3

• manage regulatory compliance responsibilities
• help the bank may risk-based decisions
• help the bank correlate risk across the enterprise

Question 4

Once an exam finding has been analyzed to determine root cause and scope, what is the next step?

Answer 4

write an analysis for management explaining the situation

Question 5

What lines of defense collaboratively manage regulatory compliance risk?

Answer 5

1) business unit

2) governance oversight

Question 6

Outline the structure elements of the CMS.

Answer 6

• mission statement
• roles and responsibilities
• compliance policies and procedures

Question 7

Once the bank is citied in an exam finding, what is the next step?

Answer 7

validate the finding

Question 8

What are the elements of risk identification?

Answer 8

• Inherent Risk (before controls)
• exposure
• likelihood
• Residual Risk (after controls)

Question 9

Explain the responsibilities of a compliance professional.

Answer 9

• understand operating environment and risk tolerance
• perform risk assessments (including recommendations for mitigants)
• elevate unmitigated risk areas
• provide reporting
• review and revise policies and procedures
• assist in correcting errors and providing training

Question 10

What are the “three lines of defense” for managing risk on an enterprise-wide basis?

Answer 10

1) business unit
2) governance oversight
3) internal or external audit

Question 11

Name the 6 primary risk management roles compliance professionals fill.

Answer 11

• provide regulatory advice to help business units mitigate risks
• regulatory change management
• compliance monitoring
• coordinate regulatory exams
• oversee compliance training
• review policies, procedures, and marketing materials

Question 12

What is the first step a compliance officer should do when a new product is launching?

Answer 12

perform a risk assessment to determine the bank’s level of risk in offering the new product

Question 13

What is the high-level purpose of an effective CMS framework?

Answer 13

Ensure management understands the bank’s level of compliance risks and any steps to mitigate them.

Question 14

How can compliance professionals formalize their risk mitigation system?

Answer 14

Risk Assessments

Question 15

Outline the compliance training elements of the CMS.

Answer 15

• needs
• timing
• applicability

Question 16

What are the two types of controls?

Answer 16

1) preventative controls

2) detective controls

Question 17

If the business unit has decided on a plan of action to mitigate risk that the compliance officer feels is inadequate, what should be done?

Answer 17

nothing yet

The business unit can decide what level of risk to accept. If the high risk continues after mitigation, the problem can be escalated to senior management.

The job of the compliance officer is to assess the risks and inform management of those risks.

Question 18

Once a regulatory proposal becomes final, what are the first step to implement the rule?

Answer 18

establish a task force

Note: the question askes about ‘implementing’ the rule, not ‘analyzing’ the final rule

Question 19

What is risk likelihood?

Answer 19

the probability that an event will occur

Question 20

What are the basic elements of a CMS?

Answer 20

• written program that addresses
• structure
• change management
• monitoring (testing)
• regulatory examinations
• compliance training
• reviews
• risk assessment

Question 21

Outline the review elements of the CMS.

Answer 21

• marketing materials
• policies and procedures
• disclosures
• products and services
• third party relationships

Question 22

Outline the change management elements of the CMS.

Answer 22

• consultation
• regulatory proposal impact
• change implementation

Question 23

When evaluating a regulatory proposal, what are the first 3 steps?

Answer 23

1) analyze the proposal’s effect on the bank
2) provide a summary to the affected business unit
3) establish a task force to study the proposal

Question 24

What is risk exposure?

Answer 24

the extent of potential damage (severity)

Question 25

What are risk dependencies?

Answer 25

dependencies on other areas of the bank or third parties for controls

Question 26

Outline the regulatory examination elements of the CMS.

Answer 26

* exam liaison * review findings * exam responses * remediation

Question 27

Once an exam finding is validated, what is the next step?

Answer 27

review policies and procedures to determine where failure occurred (root cause)

Question 28

What is the compliance officers most important role on a task force?

Answer 28

provide knowledge about compliance risk, such as whether a system is in compliance with relevant laws and regulations