Last week the Federal Reserve Bank of Boston released the written agreement between Santander Holdings USA, Inc. and the Federal Reserve Bank. There are at least two things about this document that are noteworthy: (1) the level of detailed requirements and (2) the fact that the Boston Fed Bank made this level of detail public. The Federal Reserve Banks are not prone to providing many details about their regulatory sanctions. The fact that they did in this case seems to indicate a level of frustration with Santander.
The document covers instructions in five areas where Santander is required to submit a written plan:
- Board Oversight
- Risk Management
- Capital Planning
- Liquidity Risk Management
- Compliance with Laws and Regulations
The two sections of most interest to compliance officers are Board Oversight and Risk Management because they provide useful insights that compliance officers may want ensure are included in their compliance management systems.
Board Oversight
From the Board Oversight perspective compliance management systems should include:
- The oversight structure of the consolidated organization including: (1) a description of the committees and officer positions responsible for oversight, (2) a description of the duties and responsibilities of each committee and officer and (3) the reporting structure.
- The responsibility of the Board of Directors in approving policies and procedures relating to the organization’s major business lines and operations.
- The responsibility of the Board of Directors to monitor adherence to approved policies and procedures as well as applicable laws and regulations.
- A description of the information and reports that will be regularly reviewed by the BOD in its oversight responsibility.
Risk Management
With respect to the risk management section of the Santander agreement, a bank should:
- Assess the effectiveness of the current firm-wide risk management program.
- Enhance written policies, procedures and risk management standards designed to identify, assess, manage and monitor risk exposures.
- Establish appropriate written risk tolerance guideline limits and control to ensure adherence to the written policies and procedures.
- Define roles and responsibilities for the risk management function including staffing levels and expertise.
- Improve the information, reports, systems and data that identify, measure and aggregate risk and exposure data.
- Implement incentives that are consistent with risk management objectives.
In short, compliance officers can learn more about regulator expectations based Santander’s experience with the Federal Reserve Bank of Boston.