Office of the Comptroller Handbook: Internal Control
By Daniel Edstrom
DTC Systems, Inc.
Understanding the Cease and Desist Consent Orders begins by understanding safe and sound banking. The foundation of safe and sound banking is effective internal controls. This handbook discusses Internal Control for National Banks. Consider the following handbook quote:
Effective internal controls are the foundation of safe and sound banking. A properly designed and consistently enforced system of operational and financial internal control helps a bank’s board of directors and management safeguard the bank’s resources, produce reliable financial reports, and comply with laws and regulations. Effective internal control also reduces the possibility of significant errors and irregularities and assists in their timely detection when they do occur.
In the Cease and Desist Consent Orders issued on April 13, 2011 the Office of the Comptroller is essentially saying the following:
Ineffective internal controls are the foundation of unsafe and unsound banking. A poorly designed and inconsistently enforced system of operational and financial internal control inhibits a bank’s board of directors and management from safeguarding the bank’s resources, from producing reliable financial reports, and from complying with laws and regulations. Ineffective internal control also increases the possibility of significant errors and irregularities and assists in the failure of their detection during their occurance as well as long afterwords.
The Comptroller’s Handbook defines Internal Control as follows:
Internal control is the systems, policies, procedures, and processes effected by the board of directors, management, and other
personnel to safeguard bank assets, limit or control risks, and achieve a bank’s objectives.
The Comptroller’s Handbook says the following about regulatory requirements:
National banks must adhere to certain regulatory requirements regarding internal control. These requirements direct banks to operate in a safe and sound manner, accurately prepare their financial statements, and comply with other banking laws and regulations. The laws and regulations that establish minimum requirements for internal control are 12 CFR 30, Safety and Soundness Standards; 12 CFR 363, Annual Independent Audits and Reporting Requirements; and 15 USC 78m, Securities Exchange Act of 1934.
12 CFR 30
12 CFR 30, Safety and Soundness Standards, establishes certain managerial and operational standards for all insured national banks, including standards for internal control. Appendix A to 12 CFR 30 states that a national bank should have internal controls that are appropriate to the size of the bank and the nature, scope, and risk of its activities, and that provide for• An organizational structure that establishes clear lines of authority and responsibility for monitoring adherence to prescribed policies.
• Effective risk assessment.
• Timely and accurate financial, operational, and regulatory reports.
• Adequate procedures to safeguard and manage assets.
• Compliance with applicable laws and regulations.When a national bank fails to meet these standards, the OCC may require management to submit a compliance plan to address internal control deficiencies. If the bank fails to submit a satisfactory plan, the OCC must, by order, require the bank to correct the deficiency.
This is pretty much the action that the OCC has taken in the Cease and Desist Consent Orders. It should also be of significance to note that the actions taken in many cases under the Cease and Desist Consent Orders were directed to some of the largest national banks under complex financial engineering transactions.
Download the Comptroller’s Handbook on Internal Control: http://dtc-systems.net/wp-content/uploads/2011/11/intcntrl.pdf