The Added Value of IBS Compliant Solutions

April 11, 2017

Carl Bahneman, IBS Product Line Manager

Karla Booe, Deputy Chief Compliance Officer

Peter Dugas, Managing Director, Center of Regulatory

Intelligence

The Added Value of IBS Compliant Solutions

2

• Introductions

• The Regulatory Landscape

– Now

– Future

• The FIS Corporate Compliance Process

• Recent IBS Compliance Projects

• Other Resources

– IBS

3

The Regulatory Landscape

Delivers timely, unique, practical analysis and actionable intelligence

FIS Center of Regulatory Intelligence

4

• Located in Washington D.C.

• Provides the latest intelligence, thought leadership,

and cutting-edge insight into risk, information

security, and compliance issues.

– Single source of comprehensive research and analysis on

political, economic, legislative and regulatory actions.

– Enables management to quickly detect and respond to

regulatory, political, and market changes.

1101 Pennsylvania Ave.

Washington, D.C.

fisglobal.com/Insights/RISC

Advanced Regulatory Intelligence

White Paper

Legislation Rulemaking

5

Speeches

Op-Eds

Enforcement Actions

Appropriations

Congressional Floor Statements

Congressional

Reports

State Legislation

Testimonies

News

Litigation

Lobbying, LDAs,

PACs

Speeches

Law Firms

Hearings

CRS

Reports

Amendments

Lobbying

Firms

Guidance/FAQs/Exam Manuals

Exams

HotlineNational

Committees

Courts

Legislative

History

Cost-Benefit Analysis

Staff Analysis

Public Comments

Foreign Laws

GAO

Reports

5

6

2016-17 Regulatory Road Map

Nominees

President Trump Nominees

7

• Department of the Treasury – Steve Mnuchin*

• Department of Justice – Jeff Sessions*

• Department of Commerce – Wilbur Ross*

• Department of Housing & Urban Development – Ben Carson*

• Department of Homeland Security – John F. Kelly*

• S.E.C. – Jay Clayton

• National Economic Council – Gary Cohn

• O.M.B. – Mick Mulvaney*

• *Confirmed

Executive Order: Core Principles for Regulating the U.S. Financial System

8

Core

Principles

Empower Americans to make independent financial decisions

and informed choices in the market place, save for

retirement, and build individual wealth

Prevent taxpayer-funded bailouts

Foster economic growth and vibrant financial markets

through more rigorous regulatory impact analysis that

addresses systemic risk and market failures, such as moral

hazard and information asymmetry

Enable American companies to be competitive with foreign

firms in domestic and foreign markets

Advance American interests in financial regulatory

negotiations and meetings

Make regulation efficient, effective, and appropriately tailored

Restore public accountability within Federal financial

regulatory agencies and rationalize the Federal regulatory

frameworks

Dodd-Frank Act Relief

9

• Sec. 1

Provide for election to be a strongly

capitalized, well managed financial

institution.

• Sec. 2

End “Too Big to Fail” and Bank Bailouts.

• Sec. 3

Empower Americans to achieve financial

independence by fundamentally reforming

the CFPB and protecting investors.

• Sec. 4

Demand accountability from financial

regulators and devolve power away from

Washington.

• Sec. 5

Demand accountability from Wall Street

through enhanced penalties for fraud and

deception.

• Sec. 6

Unleash opportunities for small

businesses, innovators, and job creators

by facilitating capital formation.

• Sec. 7

Provide regulatory relief for Main Street

and community financial institutions.

House Committee on Financial Services

Congressional Review Act (CRA)

10

6-13-2016Final Rules Within 60-

Legislative-Day Window

1-3-2017115th Congress

Convened

5-17-2017Approximate

Congressional

Review Deadline for

2016 Midnight Rules

1-30-2017Start of 60-day

Congressional

Review Period

Timeline for Congressional Action

Midnight RuleA rule that is passed within the

last 60 legislative days of a

session of Congress during the

final year of a president’s term

Corporate Compliance Process

Product and Services Federal Regulatory Compliance

Compliance Staffing

12

• Fulfilling our mission requires that we foster a culture of high ethical and moral

standards by establishing effective governance and oversight, policies and

procedures, risk assessment, testing, training and reporting.

• We accomplish this through a staff of over 50 full-time Compliance associates

located across the globe.

• The Chief Compliance and Customer Advocacy Officer leads nine distinct

functional areas with a leadership team that averages over 15 years of

compliance experience.

Certifications/Degrees on the Compliance team include:• Certified Anti-Money Laundering Specialist (ACAMS)

• Certified Information Privacy Manager (CIPM)

• Certified Regulatory Compliance Manager (CRCM)

• Certified Information Privacy Professional (CIPP)

• Master of Business Administration (MBA)

• Juris Doctorate (JD)

Chief Risk

Office

Chief

Compliance

Office

Risk

Committee

Audit

Committee

Enterprise

Program

International,

Institutional &

Wholesale

Enterprise

Product

Compliance

Consumer

Model Risk

Management

BSA/AML

Anti-Bribery,

Corruption, Fraud

Privacy Office

Export &

Sanctions

Compliance

Compliance Organization – By Functional Area

13

Corporate Compliance Program

Governed by the

Executive Risk

Management Committee

and Board of Directors

The Corporate

Compliance Playbook

serves as the program’s

foundation

Reinforced by key

program pillars

Po

licy &

Pro

ce

dure

s

Ris

k A

sse

ssm

en

ts

Re

gu

latio

n M

an

ag

em

en

t

Mo

nito

rin

g

Te

stin

g

Tra

inin

g

Rep

ort

ing

Compliance Governance

& Oversight

Compliance Program Framework

14

Experience | | Expertise

Corporate Compliance Process

Program Pillars

Compliance Policies

16

Corporate Compliance owns and governs compliance for the following policies and

standards:

Policies & Standards

•Code of Business Conduct and Ethics

•Anti-Bribery and Anti-Corruption

•Anti-Money Laundering

•Fair Credit Reporting Act (FCRA)

•Unfair, Deceptive, or Abusive Acts or Practices (UDAAP)

•Fair Debt Collection Practices (FDCPA)

•Identity Theft Red Flags

•Export Control and Economic Sanctions Compliance Policy

•Country Risk

• The Corporate Compliance group performs compliance risk assessments for

all FIS products.

High risk products - assessed annually

Moderate risk products - assessed every other year

Low to no risk products - assessed every three years

• As new features or functionalities are added to a product a review will occur to

determine if the frequency needs to change.

• The risk assessment process includes an evaluation of the controls in place

measured against the inherent risk of the product or service, as depicted in the

chart below:

Control Environment

Strong SatisfactoryNeeds

ImprovementWeak

Inherent

Risk

High Low Moderate High High

Moderate Low Low Moderate High

Low Low Low Moderate Moderate

Risk Assessments

17

Federal Agencies

Federal Banking Agencies (FBA)

– Federal Reserve Board (FRB)

– Office of the Comptroller of the Currency (OCC)

– Consumer Financial Protection Bureau (CFPB)

– National Credit Union Administration (NCUA)

– Federal Deposit Insurance Corporation (FDIC)

International

• Financial Conduct Authority

• Monetary Authority of Singapore

Federal Trade Commission (FTC)

Internal Revenue Service (IRS)

Office of Foreign Asset Control (OFAC)

Financial Industry Regulatory Authority (FINRA)

Regulation Management - Inventory

18

Compliance monitors United States and international agencies on a daily basis and

maintains an enterprise-wide regulation inventory for our products and services. Examples

include:

Regulatory

Change Inputs

Logging &

Tracking

Tool

Impact

Analysis

Regulation Management – Change Control

19

LOB

Assessment

Control

Plans &

Monitoring

Regulatory implementation plans and change control follow a repeatable process

enhanced by a integrated, multi-disciplinary compliance management system.

Monthly

newsletterE-mail

distribution

list

Project

Meetings

&

User Group

Forums

Monthly

status group

Audit

support

Monitoring

20

Regulatory updates, risk assessments, and control plans are continuously

monitored and evaluated to ensure accountability and compliance. Effective

communication is achieved by engaging key stakeholders through a variety of

channels and tools.

Compliance Testing

21

Pre-Planning(No Impact to LOB)

Planning

Fieldwork (Testing)

Wrap Up & Reporting

•Project Scope

•Identify high risk regulatory requirements

•Identify Compliance Stakeholders

•Draft test scripts

•Conduct “walk-through” with Compliance Stakeholders

•Verify self-reported items

•Completion of Archer test scripts

•Control testing

•Conduct weekly meetings

•Evidence review and analysis

•Results communicated to business

•Issue remediation

•State of Compliance report

• The Enterprise Compliance Training program

outlines the required curriculum to educate

resources on compliance requirements that affect

FIS products and services.

• The program addresses resources not only in the

development organization, but also in support and

quality assurance, including specialty products and

services.

• In addition the program introduces new employees

to the regulatory requirements of the product they

will support, refresher training to keep employees

‘regulatory aware’.

• The program also outlines the training requirements

for Corporate Compliance so that members of the

compliance team maintain the required knowledge

of current laws and regulations.

New Employee Training

Refresher Training

Supplement Training

Job-Specific Training

Specialty Products & Services

Enterprise-Wide Training

Training Types

Compliance Training

22

All Enterprise Training is tracked as a KRI. Failure to complete the training

will result in either or all of the following: ineligibility for a raise, impact to

incentive or termination.

Additionally, the Chief Compliance and Customer Advocacy Officer

provides annual compliance training for the Audit Committee to the Board

of Directors.

Compliance Training (continued)

23

• Employees assigned to the regulatory teams receive additional training on an

ongoing basis as new or amended regulations are issued by the regulatory

agencies.

• Corporate Compliance monitors for training offerings and alerts the Lines of

Business of the availability of these opportunities.

• Annual mandatory training for all employees includes:

o Regulatory Compliance (including AML)

o Anti-Bribery/Corruption/Retaliation

o Privacy

o Code of Business Conduct and Ethics

Compliance Reporting

24

Corporate Compliance reports to senior management, the Executive Risk

Management Committee, and the Audit Committee to the Board of Directors at

least quarterly to provide the state of compliance as it pertains to:

Compliance issues, root cause, and remediation

Risk assessment and testing results

State of privacy processes

Anti-Bribery, Corruption, and Country Risk

Conflicts of Interest

Gifts and Entertainment

Recent IBS “Value-Add”

Compliance Enhancements

Making IBS Compliant

26

• Including Corporate Compliance throughout the project

• A Development team filled with Subject Matter Experts

• A solid repeatable Software Development Life Cycle process

• Compliance projects that drive automation and efficiency

• Flexible compliance solutions to support clients needs

• Clients willing to assist and be engaged

• Value add, not just the minimum

Metro 2 Credit Bureau Reporting

• Regulation

– FACT Act

The FACT Act, which stands for Fair and Accurate Credit Transactions Act, was signed into law in 2003

Regulation requires accurate credit reporting if the bank chooses to report

Data submission to major credit reporting agencies managed through the CDIA and reported in the Metro 2 format

• Overview of changes

– Full review of Metro 2 Guidelines to support preferred approach

– Support for full payment history profile

– Updated calculation of key fields

– More robust support for bankruptcy reporting

– New Credit Bureau reporting page in IBS Insight with separate entitlement

– Additional defaults and automation for closed/paid loan processing

– More robust reporting through the R7209 and BIC data

27

Metro 2 Credit Bureau Reporting

• Value Add

– Greater accuracy of reporting

– Reduced reliance on E-Oscar tool

– Great automation

– Increased flexibility

– Full data to answer client and auditor questions more easily

– Automated stopping reporting on paid loans

28

CFPB Mortgage Servicing Periodic Statement Changes

29

• Regulation

– One of the initial areas of focus of the Consumer Financial Protection Bureau, consisted of a number of changes to existing regulations intended to inform and protect consumers as it related to mortgage servicing. The largest area of impact consisted enhancement to the loan system periodic statement.

• Overview of Changes

– Redesign of R6090 to address the required changes in content and layout

Additional late fee and misc. fee information

Additional unapplied funds detail

Running totals on funds paid during the year broken out by the various payment components

Additional transaction detail

Enhanced delinquency information including current status and breakdown of all outstanding amounts past due

• Value Add

– New statement can be used for CFPB and not CFPB banks

– Ability to mask account numbers related to autopayments and ACH

– Flexibility to allow banks to customize messages

– Reduce postage by including delinquency info along with the statement

Flood Zone Tracking

• Regulation

– The National Flood Insurance Program is responsible for communicating the requirements that FEMA expects as it

related to tracking and monitoring properties and loans that reside within a flood zone. These enhancements were not

a response to any specific regulatory change but instead an opportunity to enhance support for these requirements

based on Compliance User Group feedback.

• Overview of changes

– Designed a new IBS Insight page that mirrored the FEMA Flood Determination form

– Ability to support tracking of multiple properties

– Enhanced to link each form to a multiple collateral and/or escrow record

– New data added to BIC

• Value Add

– The entire project was a value add to help banks track and monitor those loans that were in a flood zone in the system

of record

30

Loan Modifications

• Regulation

– Home Affordable Modification Program

In 2009, in response to the sub-prime mortgage crisis, the Home Affordable Modification Program (HAMP) was designed to

help financially struggling homeowners avoid foreclosure by modifying loans to a level that was affordable for borrowers and

sustainable over the long term. This was done by interest rate reduction, fixing the interest rate, principal reduction or

forbearance, and term extension. The program provides clear and consistent loan modification guidelines and includes

incentives for borrowers, servicers and investors.

• Overview of changes

– Created a new IBS Loan Modification page in IBS insight to track and monitor the necessary data related to the

modification

– Created 4 new BIC reports to support the investor (FHLMC and FNMA) requirements

• Value Add

– Can be used to track any type of modification, extension or renewal

– Stores historical information if multiple different modifications have taken place

31

Same Day ACH

• Regulation

– NACHA Same Day Rule Change was approved with implementation to occur in three phases:

Phase 1 (credits) effective - 9/23/16

Phase 2 (debits) effective - 9/15/17

Phase 3 (timing) effective - 3/16/18

– All banks are required to accept and post Same Day payments. However, originating Same Day transactions is not

mandatory.

• Overview of Changes

– A cross application team of Product Managers met to define implications to all IBS products. A whitepaper was

created ‘IBS Response to Same Day ACH’ and posted on the client portal.

– Many changes were implemented across FIS and IBS to support Phase 1 and other changes are underway for Phase

2

32

Same Day ACH

• Value Add

– Capitalizing on the Same Day Returns Window (planned for 4Q)

With the NACHA Same Day Rule Change, a new FED window will be available for returns.

IBS banks will want to return ACH debits quicker using this new returns window to compete effectively with the large banks

that are moving in this direction. The sooner these debits are returned, the sooner your bank will receive credit for them.

This project will create a new End of Day Function in IBS Exceptions Processing that will enable banks to submit an end of

day for all ACH items that are set to be returned by a specific cut off time to be determined.

Once this end of day is submitted, the ACH returns will be sent to ACH so that they can settle at the other banks that day.

These transactions will be considered blocked in IBS Exceptions Processing and will no longer be able to be changed. Any

ACH transaction not returned in this early window will still be able to be decisioned in IBS Exceptions Processing.

After final end of day there may be additional ACH items returned.

33

Currency Transaction Reporting

34

• Regulation

– Comply with the ‘spirit’ of FinCEN regulations about reporting large currency transactions IF a bank has ‘knowledge of’

cash activity on accounts with common ownership, but unique TINs.

• Overview of Changes

– Created an ‘optional’ aggregation method

– Clients establish one ‘parent’ with multiple ‘child’ TIN relationships

– CTR analyzes ALL cash activity for ALL related TINs each business day

– Client option to create a report or an actual CTR

• Value Add

– Increased efficiency by eliminating an almost impossible/time-consuming manual activity

– Increased efficiency by generating a CTR automatically for bank review/approval

– Demonstrates compliance with the ‘spirit’ of FinCEN regulations to examiners

Other Resources

• Forums to Discuss Compliance

– Regional user groups

– Study/Focus groups

– Quarterly Compliance User Group

• Additional IBS Compliance Resources

– Roadmaps

– Client Portal

– Compliance Position Papers

– The Support Center

– Bulletins

35

Thank YouCarl Bahneman, Carl.Bahneman@FISGlobal.com

Karla Booe, Karla.Jo.Booe@FISGlobal.com

Peter Dugas, Peter.D.Dugas@FISGlobal.com