Regulatory Compliance

Everything I am aware of, I am in control of…

Beirut, 09/09/09Serge Andezian, CISA, LACPA

Senior Internal Auditor, IT [email protected]

mailto:[email protected]

Everything I am aware of, I am in control of… Wednesday, September 16, 2009

2

Who am I?


3

Who am I?

Serge A. Andezian is a Senior Internal Auditor / IT Auditor

working at Bank of Beirut s.a.l.

www.bankofbeirut.com.lb


4

Who am I?

He holds Masters Degree in Business Administration from

the Lebanese American University LAU, Beirut with

Audit specialization


5

Who am I?

He is member of:

The Institute of Internal Auditors IIA

Information Systems Audit & Control Association ISACA

andLebanese Association of Certified

Public Accountants LACPA


6

Who are you?


7

The financial crisis is forcing companies to make tough decisions!!

There is a risk that we might need to lay off Moussa

Who are you?


8

Why I am here?


9

Regulations:

Abandon Hope all ye who enter

here >

Why I am here?


10

What's the importance of Regulations?


11

Why are you into Regulations?

Why are you into regulations?


12

1- Objectives of Banking Regulation

1. Prudential (protect depositors)

2. Systemic risk reduction

3. Avoid misuse of banks

4. Protect banking confidentiality

5. Credit allocation


13

2 - Principles of Banking Regulation

1. Minimum requirements

2. Supervisory review

3. Market discipline


14

3 - Instruments and requirements

1. Capital requirements

2. Reserve requirements

3. Corporate governance

4. Credit rating requirements…

Everything I am aware of, I am in control of…

Break

Wednesday, September 16, 2009

15


16

Case Study- Morti Bianche

”


17

4 - Compliance Risk

Compliance Risk is --

“…the risk of regulatory sanctions, financial loss, or damage to reputation and franchise value that arises when a banking organization fails to comply with laws, regulations, or the standards or codes of conduct of self-regulatory organizations applicable to the banking organization’s business activities and functions”


18

4.1 - Components of Compliance Risk

Regulatory Risk

Operational Risk

Legal Risk

Reputational Risk


19

4.2 - Control Your Compliance Risks

•Identify, manage, monitor, and control your Risk

•Effectiveness of controls in place to mitigate Risk


20

5 – Lessons Learned

What made Lebanon avoid the eye of the Storm ?


21

1. Policies & Prudential Measures set by BDL

2. Effective role of the Supervisory Authority

5 – Lessons Learned (Reasons)


22

Investments in real estate

•Banks are prohibited from investment in real estate except to acquire their premises (BDL Circular Nov. 1999)

•Real estate acquired in settlement of bad loans should be liquidated within max 2 years (CMC Art. 154; BDL Circular Dec. 2000)

5.1 – Policies & Prudential Measures


23

Investments in loans

•Loans against financial instruments (BDL Circular October 1998)

•Limited to 50%of the portfolio•Margin call at 25%decline in the value of portfolio

•Real Estate loans (BDL Circular July 2008)

•Limited to 60%of real estate value

5.1 – Policies & Prudential Measures (cont’d )


24

Adoption of Basel II

•In April 1st 2006, BDL decided to adopt Basel II(Standardized Approach) effective 1/1/2008

•Capital Adequacy Ratio (CAR) Basel II is around 12% today

5.1 – Policies & Prudential Measures (cont’d )


25

•BCC off site supervision carried out on a monthly basis monitoring of financial statements

• BCC on site supervision extends beyond review & assessment of banks internal systems, policies & procedures & review credit files

5.2 – Role of Supervisory Authorities


26

This ensured:

5.2 – Role of Supervisory Authorities

• Early capture of new risks

•Adequate provisioning levels

•Proper safe lending & sound investment


27

What Happens If Compliance Risk Is Not Effectively Managed?


28

6 – Cost of non-compliance

•In 2004 the Bank of America lost unencryptedtapeswith account information on 1.2 million US federalemployee credit cards, including 60 US senators. Thetapes went missing during shipment to a remote site.

•April 2005: Details of 3500 Australian customers from18 banks, including names and account numbers, lost on a USB stick by a representative of the Australian High Tech Crime Centre during transit to aninternational meeting on computer crime.


29

6 – Cost of non-compliance (cont’d)


30

Q & A


31

Thank You

Economy & Finance

Regulatory Compliance