MITIGATING BANK RISK - The Balance Between Internal Audit and the Independent External Audit & Using Outsourcing Experts for Cyber, Crypto, & ESG
T. David Colgren
CEO/Owner, Colcomgroup, Inc. Consultant > Strategic Planning, Business Development, Government Affairs, Marketing, PR, Media Relations, Social Media and Writing
MITIGATING BANK RISK - The Balance Between Internal Audit and the Independent External Audit for a Financial Institution & Using Outsourcing Experts for Better Cybersecurity, Crypto, AML, BSA and ESG to Protect the Public Interest?
NEW NEWS ITEM >> LAST WEEK (JUNE 1, 2023):
The Federal Deposit Insurance Fund does not have enough in the fund to cover the bailout tab >> "Banking Crisis Saps FDIC Insurance Fund" and "Fed’s Balance Sheet Plunged by $348 Billion in the 10 Weeks since Peak Bank Crisis, and by $580 billion since QT Started"... meaning ultimately will the US taxpayer cover the banking default tab if the FDIC fails (like what happened more than 25 years ago when the FSLIC failed and merged into the FDIC)?
On the good side - the FDIC is taking steps to replenish the insurance fund before taxpayers jump in >>
SEE ARTICLE -- "The FDIC will continue to monitor factors affecting the reserve ratio, including but not limited to, insured deposit growth, and potential losses due to bank failures and related reserves as required under the current Restoration Plan." Stay tuned...
CALL TO ACTION: If you're going to be brought in as an expert to help a banking institution with #CYBERSECURITY, ANTI-MONEY LAUNDERING #AML, the BANK SECRECY ACT #BSA, or the new ENVIRONMENTAL, SOCIAL, GOVERNANCE #ESG and/or #HUMANCAPITALDISCLOSURE regimes, it's important to CONSIDER the FDICIA Part 363 rules required of financial institutions over $1 billion for better governance/ risk mitigation.
STAT/REFERENCE: The Federal Deposit Insurance Corporation Improvement Act (#FDICIA, SEE PROVISIONS BELOW FOR BANKS AT $1 BILLION OR MORE) was passed in 1991 in response to the savings and loan (S&L) crisis from the late 1980s (THE TEXAS S&L CRISIS COST TAXPAYERS AN ESTIMATED $500 BILLION, before ENRON). From 1980 until the end of 1991, nearly 1,300 commercial banks either failed or required failing bank assistance from the FDIC. The wave of bank failures occurred due to a surge and subsequent collapse in industries including energy, agriculture, and real estate that caused the S&L insurance fund to also go belly-up (Federal Savings and Loan Insurance Corporation - #FSLIC).
ANALOGY - "Extinction? Relax. We're too big to fail...the taxpayer will ultimately cover failure" or " Why do banks fail? Assessing the repayment capacity BEFORE enjoying exposure..." The public is strongly behind the FDICIA banking regime when the taxpayer funds come into the mix to bail out a bank to cover deposit assets...
BACKGROUND
We know in the past ("The FSLIC CRISIS") the US Government required taxpayers to bail out the "full-faith and credit of the US Government clause" meaning that:
1. When a bank fails...
2. When the bank insurance fund fails... -- Like the FSLIC in the 1990s...
The #FDIC and The Bank are both "too big to fail" - then the taxpayer ultimately covers the tab (which it recently did... see article below).
BUT on the good side -- Governance "circuit breakers" like "Whistleblowers" can actually "Blow the Whistle" and make disclosures public to support the public interest in a formal way before a "too big to fail" crisis can happen as long as regulators follow-up on the investigation claim/ or the PRESS which could save taxpayers millions of dollars.
Why does a whistleblower blow the whistle?/ What are the possible whistleblower factors to protect the public interest/ national security? --
Because banks have missed important compliance deadlines; or accounting or data entry errors; or vendor disagreements; or inaccurate client records; or loss of client assets through negligence/fraud; or operational losses; and/or lack of internal controls that are not in place to detect fraud.
But before this can happen -- bank management is very proactive before whistleblower disclosures and follows the #FDICIA as a FIRST LINE OF DEFENSE - FRONT AND CENTER >
Because what we recently know is that the largest bank failure since the 2008 crisis has triggered a major U.S. government intervention to protect the US financial system under the FDICIA in the first place.
Silicon Valley Bank, the nation's 16th largest bank, collapsed, forcing a government takeover and calling into question the fate of almost $175 billion in customer deposits... (backed by the FULL FAITH AND CREDIT OF THE US GOVERNMENT).
By the way, from the FDIC as the source - the Deposit Insurance Fund (DIF) balance was $128.2 billion on December 31, 2022...
For the savings and loan crisis in the 1980s this same crisis cost close to $500 Billion to the taxpayer in the 1990s... (You think we would learn from the 1980s, 2008 or now 2023 about the importance of banking governance/compliance/internal controls?)
BUT BACK TO OUR BASIC POINT OF THIS ARTICLE >> WHAT CAN CONSULTANTS / EXTERNAL EXPERTS BETTER UNDERSTAND CRITICAL BANKING DEFENSE MECHANISMS FOR BETTER GOVERNANCE MOVING FORWARD TO PROTECT THE PUBLIC INTEREST --> Maybe even support financial institutions UNDER a 1 Billion to follow the compliance requirement?
As financial institutions review and conduct research related to the FDICIA Part 363 > Summary of Filing Requirements of Bank implementation when hitting the billion-dollar bank milestone or more - the strategy to consider outsourcing the implementation framework or conduct in-house internal controls could be mixed or create confusion/governance to investors and depositors.
Many financial institutions consider outsourcing, or reaching out for technical expertise (detailed knowledge) to possible external vendors, for internal controls reporting and audit requirements to validate reporting to outside stakeholders/ investors/ regulators.
Banks may choose NOT TO USE EXTERNAL EXPERTS
Several organizations may consider solely implementing FDICIA Part 363 rules internally with minimal outside assistance and choose to "bring-in" and hire full time employees for the internal control function with needed additional inside staff expertise (Like bringing in cybersecurity expertise hired to join a bank’s internal audit staff).
Banks Choose to Use Consultants in a "Hybrid" Approach to Staffing
Or banks may wish to follow a hybrid approach to staffing -- and this continues to be a "gray area" for needed inside or outside talent and what governance applies for better independence or to eliminate possible conflicts of interest in this hybrid approach? Many in the financial services sector conduct and engage in possible discussions or case studies to review under this consideration for outsourcing:
QUESTION: "What level of a bank should consider regarding the level of the internal control outsourcing and if it is appropriate?"
QUESTION: "What might a combination of outside services for an FDICIA 363 engagement look like for an ideal situation/ financial consideration to the bottom-line of the bank that stays within governance/ conflicts of interest issues?"
This answer will depend on three major components for outsourcing consideration of the internal audit function of a bank requiring expertise to assist with mitigating bank risk:
What are the critical Elements to Consider for Bank Control Elements, Modeling and Issuing Disclosure/Reporting?
The second element when reviewing internal control functions of a bank (above) include:
Each bank varies regarding internal controls required for both function and risk that will continue to evolve over various stages as needed for operations or suggestions via various banking state and federal regulators and participating auditors.
Modifications will be needed at a bank based on new banking regulations, new banking products and services, or new requirements for a greater level of detail, creating new, complex processes to identify and review related to critical controls as banks move to the $1 billion or more milestone as identified in FDIC Part 363. This could move from a few internal audit employees to possibly bigger internal audit functions of multiple, global employees depending on various expanded jurisdictions or new bank acquisitions OR use experts outside of a bank’s internal audit function to meet these new specialized areas of expertise.
To protect investors/depositors -- there must be enough disclosures/ reports to review speed of controls for testing or how quickly the control functions increase – what are the elements or data metrics used to review and test critical controls – what are the technologies involved and the complete understanding of the data needed for attributes, for each control. In many cases - banks are actually moving to REAL-TIME ANALYSIS and DATA ANALYTICS to better mitigate risks.
BUT PLEASE NOTE - A bank's internal audit function will take strenuous efforts to manage critical functions needed to mitigate risk for a bank - those risks are NOT REPORTED EXTERNALLY. Ultimately, under FDICIA Part 363, Annual Reports for Institutions with $1 Billion or More in Consolidated Total Assets require “The independent (external auditor) public accountant’s report on the effectiveness of the institution’s internal control structure over financial reporting.”
As defined in FDICIA Part 363:
BANK MANAGEMENT RESPONSIBILITY:
Bank management’s assessment of the effectiveness of internal control over financial reporting must:
INDEPENDENT (EXTERNAL AUDITOR REQUIRED UNDER FDIC LAW/ US SECURITIES AND EXCHANGE COMMISSION) PUBLIC ACCOUNTANT'S RESPONSIBILITIES:
But, the independent (external auditor) public accountant’s report on the effectiveness of the institution’s internal control over financial reporting must:
Why is this a systemic risk issue for the capital markets? -- In essence, if the independent external auditor function will not be able to validate the testing conducted by bank management it could lead to negative opinions on the internal control structure and possible harm to important stakeholders like investors/ depositors/ and Federal deposit insurance which goes to the heart of the FDIC’s mission: to promote confidence and stability in the nation’s financial system. FDIC deposit insurance enables consumers to confidently place their money at thousands of FDIC-insured banks across the country and is backed by the full faith and credit of the United States government (TAXPAYER). (This reminds me of my time working in concert with the FSLIC "Southwest Plan", when a new regime was needed to address this issue of FULL FAITH AND CREDIT OF THE US GOVERNMENT in the late 1980s).
See detailed research paper on the savings and loan crisis and key governance issues that ultimately cost taxpayers close to $500 billion in bank losses in the 1980s-1990s... Again, first hand in the aftermath of the crisis and recovery in Texas working with George Barclay, president of the Federal Home Loan Bank of Dallas (Texas, New Mexico, Arkansas, Louisiana and Mississippi), members and staff of the US Congress banking and financial services committees (House and Senate), members of the Federal Home Loan Bank Board in DC, the then FSLIC and the FBI investigation team in Dallas that helped undertake the investigation and support the passage of the Financial Institutions Reform, Recovery, and Enforcement Act (FIRREA), which was a law that revised the federal government agency structure and rules governing the U.S. savings and loan banking system and the real estate appraisal industry, passed in 1989 (Pre-Sarbanes-Oxley required to support the recognition of the internal audit and independent external audit functions to provide better governance)...
George M. Barclay was born in Pennsylvania and was a Certified Public Accountant (CPA), and he helped me to see/ understand/ first-hand the importance of accounting, audit, ethics, governance, leadership and the role of supporting the public interest/ depositors and the importance of the capital markets/ innovation/ free enterprise in a democracy. I'm grateful for the opportunity to be able to work with George Barclay during these very turbulent finance/banking times facing America and for his military service/experience to this nation -- "ZERO TOLERANCE FOR FRAUD" -- instead of others who represent the profession (who can make change to support the public interest) INSTEAD of collecting millions of dollars for their OWN PERSONAL GAIN (or bribes) and holding on to a position FOR DECADES with NO SIGNIFICANT CHANGE (CALL IT OUT AMERICA) but let a future generation deal with the CLEAN UP. LOOK AT PAST HISTORY AS A MILESTONE or you get -- "Absolute Power Corrupts Absolutely..." and why America and other free countries of the world end PUTIN-like dictators.
What I Also Learned about the Roles Between Both Internal and Independent External Audit Functions and Using Outsourced Services to Help Financial Institutions After the Crisis
Internal Audit Function - with major technology risks (like cybersecurity or new technical disclosure requirements into ESG/ climate/ human capital machine-readable disclosures) becoming more sophisticated and complex at a bank - it could require more time and more internal audit staff to review the new controls implemented by management. Consequently, more internal audit staff will need to be hired to perform control validations as management also increases staff, new products and services, and new operations/procedures, and bridges cross-operation with new controls to better mitigate RISK GAPS. This time lag in operations and procedures must be bridged between internal audit and bank management: internal audit identifies, models and conducts tests as management builds the internal controls, and internal audit can then utilize and prepare controls, modeling, testing, reporting and expert opinion as needed to assist the independent external audit function, which can choose to use or not use them in its own activities and reports. Meanwhile, the internal audit function can provide suggestions to management to implement or not implement as well – but ultimately management can or cannot use outside consultants.
Independent External Audit Function - Meanwhile, side by side with the internal auditor – the independent external auditor(s) may or may not need to review reports from internal auditors and ultimately decide, from the outside, what needs to be reviewed, identify possible risks (which could also include irrelevant processes or controls), AND follow the controls critical in a FDICIA-related program that could bog down efficiencies for a bank and its associated auditors.
Both the internal auditor and independent external auditor can identify the right ingredients needed for critical controls that are required for financial statements/ reporting purposes to mitigate risk.
Consequently, financial services (banks) should have the talent to review and audit whether key controls have been identified, modeled, reported and verified to meet FDICIA and external audit requirements while at the same time helping the bank to meet the needs of its stakeholders.
In certain cases, an assessment of the effectiveness of the Internal Control over Financial Reporting (ICFR) is also required as part of the annual reporting package submitted to the FDIC. An effective internal control structure is considered to be critical to the safety and soundness of insured depository institutions.
Can Banks Outsource Functions to Support Innovation ASP to Help Mitigate Risk?
As banks get close to reaching billion-dollar milestone, there needs to be certain evaluations indicated above as well as reporting FDICIA requirement below in detail -- and determine that at least one of the three key control elements are not there, the next procedure is to determine if outsourcing the implementation and verification is required. This verification can be designed to ideally address a bank’s business mission. This can take many scenarios, for example:
· Check with executive leadership and the board to provide the best training and education for board members, executives, and/or internal control owners (inside the bank)
· Reporting of internal control process inside the bank, this again would include identifying, modeling, and reporting internal controls using the new COSO framework through possible narrative comments with both inside and outside held process owners
· Verify the modeling of critical controls through test-runs and verifying the operating effectiveness of internal controls using case studies/ samples/ histories that can meet executive management and independent external auditor needs
· Include Full implementation which includes project dialogue with executive management, mapping of critical controls to the new COSO framework, mapping financial statement line items to critical controls, and discussion/ education on improving risk areas discovered during and after the narrative processes.
Please note, many outside stakeholders believe that unlike bank financial performance metrics that investors use, which are publicly available -- internal control data/ information IS NOT publicly available. A possible benefit of outsourcing is that an independent third party could be brought in to identify the existence of risk deficiencies in modeling or implementation of internal controls, based on education, talent and experience obtained through external audits and other FDICIA implementation projects. Audit or consulting firms specializing in banking can be a valuable resource for addressing FDICIA requirements.
Again, just like both the internal auditor and the independent external auditor – for governance issues -- due to independence requirements, both the bank’s internal and external auditors are prohibited from providing FDICIA implementation services for banks. For example, an internal audit function can recommend internal control processes to the CFO/ staff – but the CFO/ management staff must implement the controls for the bank, so that the internal auditor can test this process and remain independent to confirm validation of metrics. Again, just as critical is that the independent external auditor must not implement control functions that they ALSO audit, so they are not influenced or biased regarding implementation of internal bank controls. These are critical banking elements of internal control governance – devoid of taking responsibility for the actual operating of bank infrastructure – meaning, why would a doctor also be a patient – both must be independent of their functions/ governance … for best medical results and objectivity as significant "lines of defense" to a bank.
However, it is normal and beneficial for outsourced FDICIA consultants to work with a bank’s independent external auditors when assisting a bank with FDICIA implementation or testing of controls. Or recommendations for strategy to internal auditors from external expert consultants for the CFO/ management of a bank to implement internal controls of a bank.
Grateful to a thriving capital markets, critical of a working, growing and expanding bank, helping to create new innovation, economic prosperity, small business and housing development – new jobs for a free country – with the right regulatory controls in place that are objective, unbiased to serve the public interest in the best way… Not controlled, centralized government economies (like Russia) with no concept of the “invisible hand” – “laissez faire” to meet the needs of the consumer – the best in the world developing new education, new innovation more effective democracy/ governance through TRANSPARENCY, ACCOUNTABILITY – CONSUMER CHOICE.
So regardless of the process/ strategy agreed -- bank executives should expect to derive benefit from the FDICIA implementation process to mitigate critical risks facing systemic banks “Too BIG TO FAIL” and best protecting the public interest under assault from foreign governments/ dark web. Rather than treating FDICIA as a compliance exercise, banks should view FDICIA as an opportunity to improve their internal control structures, as risks can increase with a bank’s size, technological needs and complexity to meet the need of the use of bank products and services.
CRITICAL WHISTLEBLOWER INFRASTRUCTURE ELEMENT TO GOVERNANCE
Just like the whistleblower who helped identify fraud at ENRON - As well before ENRON - savings and loan whistleblowers also helped identify fraud to help the public interest/ depositors... Wish we would have learned from the past... Fraud is Fraud... and Controls are Controls...
Question: What internal activities like cybersecurity can be OUTSOURCED by a company paid by the CEO required for governance/ no conflicts of interest?
CRITICAL FDIC OVERVIEW OF FUNCTIONS OF THE INTERNAL AUDITOR AND THE INDEPENDENT EXTERNAL AUDITOR FOR BETTER BANK GOVERNANCE AND RISK MITIGATION
INTERNAL CONTROLS / OUTSOURCING EXPERTS - FDIC THIRD-PARTY RELATIONSHIPS - Third parties can help financial institutions attain strategic objectives, access expertise, or improve efficiency for a particular activity. The use of third parties does not diminish the responsibility to ensure that the activity is conducted in a safe-and-sound manner.
ARTICLES ON THIS TOPIC FOR BANK OUTSOURCING CONTROLS -- EXAMPLES:
OUTSOURCING INTERNAL CONTROL IMPLEMENTATIONS - CYBERSECURITY FUNCTIONS:
OUTSOURCING INTERNAL CONTROL IMPLEMENTATIONS - CRYPTO-ASSETS
David Colgren (He/Him) +25 years in Accounting and Audit PR Consultant - Public Affairs
David Colgren Media Spokesperson - Federal Home Loan Bank of Dallas: Working with US Federal Banking Regulators, FBI, Spokesperson - (1985 - 1989)
FDIC SOUTHWEST PLAN: 88 Financial Institutions -- Thrift Crisis: an Analysis of 1988 Resolutions, Research Paper, Washington, DC: Federal Home Loan Bank Board, 1989 (David Colgren, media spokesperson)
David Colgren, spokesperson for the Federal Home Loan Bank of Dallas:
By the late 1980s and early 1990s, the US Congress decided to rectify the savings and loan crisis. In 1989, Congress passed the Financial Institutions Reform, Recovery and Enforcement Act of 1989 that instituted a number of reforms of the financial industry. The main S&L regulator (the Federal Home Loan Bank Board) was abolished, as was the bankrupt FSLIC. In their place, Congress created the Office of Thrift Supervision #OTS and placed thrifts’ insurance under the #FDIC. In addition, the Resolution Trust Corporation (#RTC) was established and funded to resolve the remaining troubled S&Ls. The RTC closed 747 S&Ls with assets of over $407 billion. The thrift crisis came to its end when the RTC was eventually closed on December 31, 1995. The ultimate cost to taxpayers was estimated to be as high as $124 billion. Unfortunately, the commercial banking industry also suffered its own set of problems over this period, both in Texas and elsewhere. This banking crisis also resulted in major reform legislation that paved the way for a period of stability and profitability till 2008 and we move on to Lehman Brothers and the next financial crisis over FDICIA...
Please let me know if you have any thoughts or ideas on this topic? Open to suggestions and thoughts.
Thank you for support of banking institutions, capital markets, free enterprise, innovation, new technologies, freedom, human capital value creation and most importantly - support of the public interest/ democracy over dictatorship. Importance of ETHICS, GOVERNANCE and INTERNAL CONTROLS TO PREVENT FRAUD...ZERO TOLERANCE...