LEGAL AND COMPLIANCE SERVICES

Lawdesk.com by Allan Shutt

Compliance Management System:  Allan Shutt can create a robust and effective Compliance Management System (“CMS”), based on the Office of the Comptroller of the Currency (“OCC”) CMS Handbook.  The Compliance Program will include a Compliance Program and Policy Manual, Compliance Department, Compliance Training, Compliance Audits, Complaints Management, Bank Secrecy Act (“BSA”) and Anti-Money Laundering (“AML”) Management, Privacy Management, Information Security Management, Contracts Management, Vendor Management, and the Board of Directors Audit Committee.  

Compliance Department:  We can help your Board appoint a Chief Compliance Officer (“CCO”) to implement the CMS.  The CCO will oversee the Compliance Department, which provides compliance guidance to corporate business partners.  Compliance will monitor and review new and revised regulations and guidance promulgated by the OCC, CFPB, FDIC, FTC, and the FCC.  The Compliance Department will take a proactive monitoring approach to identify procedural or training weaknesses, to preclude regulatory violations.  The Compliance Department will review and approve all communications to consumers and customers. Compliance will attend online legal and compliance webinars and subscribe to law firm compliance update communications to stay current with regulatory actions, statutory and regulatory changes, and case law developments regarding FDCPA, FCRA, and TCPA.

Compliance Program and Policy Manual:  We will help create a tailored Compliance Program and Policy Manual, which can include the following Policies: Compliance Program and Policy; Bank Secrecy Act Policy; Office of Foreign Assets Control Policy; Federal Right to Financial Privacy Act Policy; Equal Credit Opportunity Act and Regulation B Policy; Fair Credit Reporting Act Policy; Privacy of Consumer Financial Information Policy; Servicemembers Civil Relief Act Policy; Code of Ethics Policy; Truth-in-Lending Act and Regulation Z Policy; Telephone Consumer Protection Act Policy; Unfair, Deceptive, or Abusive Acts or Practices Policy; CAN-SPAM Act Policy; Electronic Signatures in Global and National Commerce Policy; Social Media Policy; Vendor Management Policy; Fair Debt Collection Practices Act Policy; Identity Theft Protection Program Policy; Complaints and Inquiries Policy; and Community Reinvestment Act Policy. We can help create a quarterly Compliance Policy Report to be presented to the Board of Directors Audit Committee.  

Compliance Training:  We can help create Compliance Training Program in the following areas: FDCPA, FCRA, ECOA/Fair Lending, TILA, GBLA, EFTA, TCPA, FTCA, UDAAP, SCRA, Privacy, BSA/AML, and OFAC. We can also help you ensure that the Board receives specific training on an annual basis, such as ECOA/Fair Lending and BSA/AML. We can help create a quarterly Compliance Training Report to be presented to the Board of Directors Audit Committee.  

Compliance Reviews/Audits:  We can help create your Compliance Review/Audit Program. A Compliance Review or Audit is an independent review of compliance with consumer protection laws and regulations and adherence to internal policies and procedures.  An audit complements the internal monitoring system and it helps management ensure ongoing compliance and identify compliance risk conditions. We can help determine the scope of the audits and the frequency with which audits are to be conducted. We can help create a quarterly Audit Management Report to be presented to the Board of Directors Audit Committee.

Complaints Management:  We can help create your Complaints Management Program.  The Program will include the Board approved Complaints and Inquiries Policy. The Complaint and Inquiry Tracking System will track all Complaints and Inquiries by using specific Codes.  The Codes will be assigned once a review of the Complaint or Inquiry response is completed. Compliance will review all responses to Complaints and Inquiries before they are sent.  Using the Codes, various Reports can be generated regarding Complaints and Inquiries.  These reports will be shared with the Complaint Committee and further discussed in the quarterly Complaints Meeting, which will include senior management from all departments. We can help create a quarterly Complaints and Inquiries Management Report to be presented to the Board of Directors Audit Committee.  

Bank Secrecy and Anti-Money Laundering Management:  We can help create your BSA/AML and OFAC Program.  We can help the Board appoint a BSA Officer to implement the BSA/AML and OFAC Program.  The Program will include the Board approved BSA Policy, the Office of Foreign Assets Control (“OFAC”) Policy, a BSA Risk Assessment, a BSA Officer, a Customer Identification Program (“CIP”), a system of internal controls, testing of BSA compliance and monitoring, and BSA training and OFAC training for all employees and members of the Board. We can help create a quarterly BSA and OFAC Management Report to presented to the Board of Directors Audit Committee.

Privacy Management: We can help create your Privacy Program.  The Program will include a Board approved Privacy of Consumer Financial Information Policy and the Federal Right to Financial Privacy Act Policy.  The Policies will formalize the commitment to safeguard customers’ personal information, transactions and account records while providing guidance to employees in carrying out their responsibilities.  The Compliance Department will ensure that the customers’ records are accurate and confidential and that the customer receives an annual Privacy Notice each calendar year.  We can help create the Privacy training for all employees. We can help create a quarterly Privacy Report to be presented to the Board of Directors Audit Committee.​

Information Security Management:  We can help create your Information Security Program. We can help the Board appoint an Information Security Officer to implement the Information Security Program.  The Board will approve the Information Security Policy, which will communicate the requirements for secure use of company resources and represent the strategy for how to implement the information security principles and technologies. This Policy represents senior management’s commitment to maintaining a secure network, which will allow the IT Staff to do a more effective job of securing the information assets. The Policy also provides legal protection by specifying exactly how users can and cannot use the network, how they should treat confidential information, and the proper use of encryption. We can help create the Information Security training for all employees.  We can help create a quarterly Information Security Report to be presented to the Board of Directors Audit Committee.

Contracts Management:  We can help create your Contracts Management Policy. The Contracts Management Policy will include drafting and reviewing non-disclosure agreements (“NDA”), third party service provider agreements, marketing agreements, and policies and procedures on contractual issues affecting business units.  All NDAs and contractual agreements will be drafted to clearly delineate the parties’ responsibilities and follow regulatory contractual requirements published by the OCC.  A Contractual Requirements Checklist (based on the OCC requirements) will be used to review every contractual agreement.  Each product or service will be reviewed and assigned a risk level of 1 through 4 (Level 1 is low risk and Level 4 is the highest risk).  Level 3 and 4 agreements are considered “critical” and require specific contractual provisions and protections.  All NDAs and contractual agreements will be organized and stored in a secure online location for easy access from anywhere at any time. We can help create a quarterly Contracts Management Report to be presented to the Board of Directors Audit Committee.

Vendor Management:  We can help create your Vendor Management Policy. The Policy will include on-going monitoring of the vendor relationship to ensure that the vendor is abiding by their contractual requirements.  A list of “critical” level 3 and 4 vendors will be maintained and updated. Management will ensure that each vendor that is considered critical to operation and processes or stores any account number or social security number will have Business Partner Data Security Review performed to validate compliance. We can help create a quarterly Vendor Management Report to be presented to the Board of Directors Audit Committee.