Lawdesk.com by Allan Shutt

OPERATIONAL, LEGAL, AND COMPLIANCE SERVICES

Privacy of Information Management: We will create or enhance the Privacy of Information Program.  The Program will include a Board approved Privacy of Information Policy.  The Policies will formalize the commitment to safeguard customers’ personal information, transactions and account records while providing guidance to employees in carrying out their responsibilities.  The Compliance Department will ensure that the customers’ records are accurate and confidential and that the customer receives an annual Privacy Notice each calendar year.  We will create Privacy training materials for all employees. We will also help create a quarterly Privacy Report to be presented to Executive Management and the Board of Directors Audit Committee. 

Information Security Management:  We will create or enhance the Information Security Program. We will help the Board appoint an Information Security Officer to implement the Information Security Program.  The Board will approve the Information Security Policy, which will communicate the requirements for secure use of company resources and represent the strategy for how to implement the information security principles and technologies. This Policy represents senior management’s commitment to maintaining a secure network, which will allow the IT Staff to do a more effective job of securing the information assets. The Policy also provides legal protection by specifying exactly how users can and cannot use the network, how they should treat confidential information, and the proper use of encryption. We can help create the Information Security training for all employees.  We will also help create a quarterly Information Security Report to be presented to Executive Management and the Board of Directors Audit Committee. 

Contracts Management:  We will create or enhance the Contracts Management Program and Policy. The Contracts Management Program will include drafting and reviewing non-disclosure agreements (“NDA”), third party service provider agreements, marketing agreements, and policies and procedures on contractual issues affecting business units.  All NDAs and contractual agreements will be drafted to clearly delineate the parties’ responsibilities and follow regulatory contractual requirements.  A Contractual Requirements Checklist will be used to review every contractual agreement.  Each product or service will be reviewed and assigned a risk level of 1 through 4 (Level 1 is low risk and Level 4 is the highest risk).  Level 3 and 4 agreements are considered “critical” and require specific contractual provisions and protections.  All NDAs and contractual agreements will be organized and stored in a secure online location for easy access from anywhere at any time. We will also help create a quarterly Contracts Management Report to be presented to Executive Management and the Board of Directors Audit Committee.

Vendor Management:  We will create or enhance the Vendor Management Program and Policy. The Program will include ongoing monitoring of the vendor relationship to ensure that the vendor is abiding by its contractual requirements.  A list of “critical” level 3 and 4 vendors will be maintained and updated. Management will ensure that each vendor that is considered critical to operation and processes or stores any account number or social security number will have a Business Partner Data Security Review performed to validate compliance. We will also help create a quarterly Vendor Management Report to be presented to Executive Management and the Board of Directors Audit Committee.

Compliance Management System:  We will help you create a robust and effective Compliance Management System (“CMS”).  The Compliance Program will include the proper Compliance Department structure, a Compliance Program and Policy Manual, Compliance Training, Compliance Audits, Inquiries and Complaints Management Program, Bank Secrecy Act (“BSA”) and Anti-Money Laundering (“AML”) Management, Privacy Management, Information Security Management, Contracts Management, Vendor Management, and plans for establishing the Board of Directors Audit Committee.  

Compliance Department:  We will help your Board of Directors appoint a Chief Compliance Officer (“CCO”) to implement the CMS.  The CCO will oversee the Compliance Department, which provides compliance guidance to corporate business partners.  Compliance will monitor and review new and revised regulations and guidance promulgated by state and federal regulatory agencies.  The Compliance Department will take a proactive monitoring approach to identify procedural or training weaknesses, to preclude regulatory violations.  The Compliance Department will review and approve all communications to consumers and customers. Compliance will attend online legal and compliance webinars and subscribe to law firm compliance update communications to stay current with regulatory actions, statutory and regulatory changes, and case law developments regarding applicable statutes and regulations.

Compliance Program and Policy Manual:  We will create or enhance the Compliance Program and Policy Manual for you. The Manual will include high level Policies relevant to your business. We will also help create a quarterly Compliance Policy Report to be presented to Executive Management and the Board of Directors Audit Committee.

Compliance Training:  We will create or enhance the Compliance Training Program and the training materials. We will ensure that the Board receives specific training on an annual basis. We will also help create a quarterly Compliance Training Report to be presented to Executive Management and the Board of Directors Audit Committee.

Compliance Reviews and Audits:  We will create or enhance the Compliance Reviews and Audit Program. A Compliance Review or Audit is an independent review of compliance with laws and regulations and adherence to internal policies and procedures.  A Review or Audit complements the internal monitoring system and it helps management ensure ongoing compliance and identify compliance risk conditions. We will help determine the scope of the Reviews and Audits and the frequency with which they should be conducted. We will also help create a quarterly Audit Management Report to be presented to Executive Management and the Board of Directors Audit Committee. 

Complaints and Inquiries Management:  We will create or enhance the Complaints and Inquiries Management Program.  The Program will include the Board approved Complaints and Inquiries Policy. The Complaint and Inquiry Tracking System will monitor all Complaints and Inquiries by using specific Codes.  The Codes will be assigned once a review of the Complaint or Inquiry response is completed. Legal or Compliance will review all responses to Complaints and Inquiries before they are sent.  Using the Codes, various Reports will be generated regarding Complaints and Inquiries.  These reports will be shared with the Complaint Committee and further discussed in the quarterly Complaints Meeting, which will include senior management from all departments. We will also help create a quarterly Complaints and Inquiries Management Report to be presented to Executive Management and the Board of Directors Audit Committee. 


Bank Secrecy and Anti-Money Laundering Management:  We will create or enhance the BSA/AML and OFAC Program.  We will help the Board appoint a BSA Officer to implement the BSA/AML and OFAC Program.  The Program will include the Board approved BSA/AML Policy, the Office of Foreign Assets Control (“OFAC”) Policy, a BSA Risk Assessment, a BSA Officer, a Customer Identification Program (“CIP”), a system of internal controls, testing of BSA compliance and monitoring, and BSA/AML and OFAC training for all employees and members of the Board. We will also help create a quarterly BSA/AML and OFAC Management Report to be presented to Executive Management and the Board of Directors Audit Committee.