Volume 30, No. 2
CONTENTS
8
Shadow Wars: Managing an Effective Identity Theft Prevention Program
BY JOHN P. BONORA, CRCM
Compliance and risk officers across the country face the task of balancing effective controls to drive a successful program while not overwhelming
business lines with duplicative procedures, timely documentary exercises, and costly IT systems. Program administrators also face unique
obstacles surrounding oversight of service providers and the pioneering examination approach that certain regulators will utilize when assessing
an institution’s level of compliance. Moving forward, every financial institution will be a critical player in this shadow war against identity theft.
Understanding how to overcome these obstacles will be the key to managing an effective yet sustainable program for your institution.
14 Recommendations for BSA Reform (Part 2)
BY ROBERT S. PASLEY
In the last issue of ABA Bank Compliance, the first and fifth recommendations—pertaining to the need for a BSA gatekeeper and the need for
revisions with regard to the prosecution of BSA violations—were summarized and analyzed. This article addresses the second, third, and fourth
recommendations, which deal with the need for an explicitly articulated risk-based BSA regime, the need for enhanced BSA-related feedback and
transparency, and the need for streamlining and providing enhanced quality control over BSA-related reports and recordkeeping requirements.
22 What Is Your HMDA Data Telling You and Why Is It Important?
BY PHILLIP R. FREER, JR., CRCM, AND CALVIN R. HAGINS, CRCM
You might be asking yourself, why do we need another article covering the Home Mortgage Disclosure Act (HMDA)? For over 30 years,
banks subject to HMDA have been collecting and reporting mortgage-related data, yet many banks continue to complain about the burden
HMDA imposes on them. As we recently learned, HMDA data collection requirements
change, and we also know that given recent market and political changes, it is possible that
collection and reporting of additional data may be required. HMDA isn’t going away. It is
time to make the data work for you.
28 Managing Compliance Risk in Large Organizations
BY JOHN ATKINSON
DEPARTMENTS
Compliance Management 4
BY CARL G. PRY, CRCM
Noting that both banking organizations and their compliance requirements have become
more complex in recent years, last fall the Federal Reserve Board issued guidance to clarify
regulatory expectations and address industry requests for more detail about how to manage
compliance risk. Titled “Compliance Risk Management Programs and Oversight at Large
Banking Organizations with Complex Compliance Profiles,” this guidance was issued as a
joint Supervision and Regulation Letter and Consumer Affairs Letter on October 16, 2008.
In this article we will take a close look at the details of this letter, which will most assuredly
be among the key areas of focus at upcoming examinations.
Governance 6
BY PAUL R. OSBORNE, CPA,
CPO, AND ALAN S. ABEL,
CPA, CFE
Resources
Continuing Education Quiz
42
44
34 Managing Compliance within a Call Center
BY DENNIS C. WILSON, CRCM
You’ve updated your procedures, you’ve put in place backroom monitoring systems, and
you’ve worked tirelessly on the training material. You reviewed the training records and all call
center financial specialists (FS) have been trained. Now you can relax—or can you? The simple
answer is no. Now begins the work of determining how best to monitor what occurs within
your call center, from the initial inbound call until successful completion of the transaction.
It involves more than customer satisfaction, although that is a big part of it. Regardless of
whether the line of business is profitable, is it compliant? In this article, we will discuss some of
the best practices our team has discovered to ensure compliance in the call center.
