Risk Management and Regulatory Examination/Compliance Seminar€¦ · BNP Paribas BNP Paribas USA, Inc. (IHC) BancWest Bank of the West First Hawaiian Bank BNP Paribas North America

Risk Management and Regulatory Examination/Compliance Seminar

October 27, 2015

Eric Young CCO-Americas and CCO-IHC

2

Information contained in this document does not imply that decisions have been made to take specific action. Any decisions / implementation actions will take place within the required social and legal processes.

I. Volcker Rule: Overview of the Compliance Program

3


CONFIDENTIAL Internal use only CBSR Project

Overview of the 6 Pillars of Volcker Rule Compliance Program

Written policies and procedures reasonably designed to document, describe, monitor & limit: • Exempted or excluded trading activities including setting, monitoring and managing limits. • Exempted or excluded activities and investments with respect to a covered fund.

Policies and Procedures Policies and Procedures

System of internal controls to include, but not limited to: • monitor on-going compliance with Volcker requirements (e.g., monitoring of MMI limits,

new activities/investments, out of scope activity, etc.) • ensure escalation of breaches and implementation of remedial actions.

Internal Controls Internal Controls

• Appropriate management review of trading limits, strategies, hedging activities, investments, incentive compensation and other matters.

• Responsibility and accountability.

Management Framework


Independent audit of the effectiveness of the Compliance Program conducted at least annually.

Metrics & Recordkeeping


The Volcker Compliance Program:

Independent Testing

Independent Testing

Training applicable front, middle, and back office personnel including all level of management. Training Training

• Quantitative metrics related to certain proprietary trading activities to be produced. • Records to be maintained at least 5 years to demonstrate compliance.

1 1

3 3

2 2

6 6

4 4

5 5

4



The Volcker Compliance Program: Policies and Procedures (Group & Business line level)

Leverage Existing Policies and Enhance as Necessary: • New product/business review • Bank investments policy (BHCA) • Conflicts of interest • Employee compensation • Risk management procedures

Trading Desk Procedures

Designed specifically to address exemption/exclusion being relied upon (e.g., trade mandates, desk procedures, hedging procedures, etc.

Policies & Procedures Policies & Procedures




Independent Testing

Independent Testing

Training Training



Global Enterprise-Wide Policies

General requirements of Volcker (e.g., definition, prohibited activities, exemptions/exclusions, global governance framework, etc.)

Description of global business line (e.g., BNP Paribas Corporate & Institutional Banking), description of Volcker activities, management framework, escalation procedures, etc.

Business Line Policies & Procedures

5




The Volcker Rule controls are being embedded in the existing control framework. New Global Volcker Office created to manage the global Volcker Compliance Program. Volcker Office housed within the Compliance function with locations in Paris, New York, London and Hong Kong.

Business Line Volcker Committees (BNPP Internal Controls Committee) • Existing “Internal Controls Committee” expanded to include a Volcker review.

On-going Volcker-related issues are reviewed and escalated to the management through this forum.

Group Board of Directors

ISSUE ESCALATION PROCESS Policies and Procedures Policies and Procedures

Training Training




Various Internal Control Functions (1st level and 2nd Level) • Review of trading desk mandates, monitoring of MMI limits, review of

relevant daily metrics, etc.

Group Executive Committee

Global Internal Control Committee (GICC) Internal Controls Internal Controls



Independent Testing

Independent Testing

Volcker Office:

Oversight of G

lobal Com

pliance P

rogram

6



Internal Controls & Independent Testing

Important to clearly define with role of business line, Compliance, Internal Audit and other functions.

Global Sub-Attestation

Conflicts of interest

Compensation

Training

Controls to ensure that permitted activity continue to meet the specific requirements & restrictions related to the relevant exemption/exclusion (e.g. MMI limit monitoring, etc.)

Global and regional sub-certification by heads of business lines as well as functions

Controls to monitor that conflicts of interest between BNPP and its clients are appropriately monitored, prevented and resolved (leverage on existing controls)

Review of employee compensation including committees to rate employees against control metrics

Training of all applicable global and regional employees

Examples of Key 1st and 2nd Level Controls Policies and Procedures Policies and Procedures

Training Training







Independent Testing

Independent Testing

New group investments

New activities

Monitoring of out of scope activities

Monitoring of in-scope activities

Investment in or “control” (BHCA definition) of iother entities by BNPP

Review of new products/activities/business lines

Appropriate controls to ensure that excluded activities continue to meet requirements of the relevant exclusion and remain out of scope

Independent Testing: 3rd Level of C

ontrol

7



Training & Metrics/Recordkeeping

� Create and retain records sufficient to demonstrate compliance and support the operations and effectiveness of the compliance program.

� Retain these records for no less than 5 years or such longer period as required

Funds activities &

investments

Training

• List of Volcker trading desks and corresponding exemptions/exclusions

• Documentation around production and review of metrics

• Documentation supporting the impact assessment performed • Volcker analysis conducted for new activities/businesses

• The list of employees that have been trained for the Volcker Rule (combination of live and electronic)

• Created “Train the Trainers” program and training program for independent testers

• An accurate list of funds sponsored or invested in indicating the exclusion or exemption being relied on

• For each fund sponsored or invested in, the documentation supporting the determination of the elected exclusion or exemption

Volc

ker R

ule

requ

irem

ents

Im

plem

enta

tion

with

in B

NPP

Controls & remediation

• Volcker Committee packages and minutes • Issues escalated/remediation plans, etc.

Policies and Procedures Policies and Procedures




Independent Testing

Independent Testing



The Volcker Compliance Program

Training Training

Trading activities

Impact Assessment

8


II. Intermediate Holding Company

9


BNP Paribas’ U.S. Intermediate Holding Company (IHC)

The Federal Reserve’s Enhanced Prudential Standards require a foreign banking organization (FBO) with more than $50 billion in U.S. non-branch assets to consolidate its U.S. legal entities under an intermediate holding company (IHC) and to manage risk across its combined U.S. operations (CUSO)

BNP Paribas

BNP Paribas USA, Inc. (IHC)

BancWest

Bank of the West

First Hawaiian Bank

BNP Paribas North America

Sec. Corp.

PBI

Other IP Entities

Other U.S. Subsidiaries

BNP Paribas’ U.S. Branches, Agencies, and Representative

Office

Combined U.S. Operations (CUSO)

Group

U.S.

Enterprise-wide Compliance

activities roll-up, reporting, and

analytics

Day-to-day Compliance

activities

| IHC Program | 10

Governance structure: CUSO/IHC

Audit Committee Risk Committee

Board of Directors

CCO CFO

CEO

CIO

Treasurer

Chairman

CDO

Head of HR

Gen. Counsel General Auditor

Compensation Committee

Board Secretary

CU

SO/IH

C

Boa

rd

CU

SO/IH

C E

xecu

tive

Mgm

t. Te

am

Entit

y

BWE CIB/IS

IHC Governance Structure

CRO

CRO CRO CCO CCO

CU

SO/IH

C E

xecu

tive

Mgm

t. Te

am

| IHC Program | 11

IHC Risk Committee

� Oversees and is otherwise responsible for the risk management of BNPP’s operations.

� Approves and provides ongoing oversight of management’s

risk management framework, including:

1) identification and assessment of risk, including emerging risks; 2) implementation of appropriate control processes to manage

those risks; 3) review and approval of policies and processes to manage and

control risk, and for risk management governance; 4) oversight of compliance with relevant laws and regulations, and 5) maintenance of a clearly articulated risk appetite statement that

aligns with the risk appetite of BNPP. � Approves and periodically reviews capital planning

processes on capital adequacy, capital actions, capital policies, capital plan, and stress test activities.

� Risk areas subject to Committee oversight include:

• credit, market (including interest rate);

• liquidity • operational

(including technology, cyber, data security and business continuity risks);

• Compliance; • Legal, and • reputational risks.

Purpose and Role

| IHC Program | 12

IHC Risk Committee

� Executive Management • Sets objectives for the Chief Risk Officer and

reviews performance and compensation against those objectives.

� Enterprise Risk

• Annually reviews and approves enterprise risk management framework.

� Credit Risk

• Oversees significant credit policies; reviews and approves material revisions to such policies.

� Market Risk

• Oversees significant policies governing the management of market risk, and reviews and approves any material revisions to such policies.

� Liquidity Risk

• Annually approves acceptable level of liquidity risk tolerance that BNPP may assume in connection with its operating strategies.

Key Oversight Responsibilities

� Operational Risk • Reviews consolidated reports on operational

risk, which includes key risk indicators.

� Compliance Risk • Annually reviews and considers for approval any

compliance risk policies recommended to it by management and otherwise oversees the implementation of the compliance program.

� Regulatory Risk

• Reviews regulatory examination reports and any correspondence addressed to the Board of Directors, including areas of criticism for less-than-satisfactory ratings.

� Cyber Risk

• Oversees business continuity programs.

� Compensation* • Collaborates with compensation committee to

integrate risk management and associated controls with management goals and compensation structure.

* Impacted if employee is non-compliant

| IHC Program | 13

Appendix

| IHC Program | 14

IHC Operating Committee Weekly

Program Sponsors: Program Manager:

U.S. IHC Steering Committee Monthly

S: Sponsor PM: Project Manager PMO: Project Management Office (Facilitator)

Wor

kstr

eam

s

Finance

Risk Compliance Structuring CCAR

ALM-T

FinReg

IT S: PM: PMO:

HR S: PM: PMO:

Note: Subject Matter Experts to bring their expertise on an ad-hoc basis in the Workstreams

Data Governance S: PM: PMO:

Governance S: PM: PMO:

Audit S: PM: PMO:

Regulatory relations S: PM: PMO:

Central PMO • Program office: • Costs: • Business Impact & Alignment: • Communication: • Roadmap & Milestones:

Global IHC Steering Committee Quarterly

IHC Implementation Org Chart

15


U.S. Regulatory Expectations Regarding Compliance Risk

Enterprise-wide Compliance

Management & Oversight

Governance

Compliance Activities

Compliance Personnel

1. Compliance Risk Management Programs and Oversight at Large Banking Organizations with Complex Risk Profiles

Required by Enhanced Prudential Standards to implement an enterprise-wide risk management framework, including over compliance risk

Expected by the Federal Reserve to establish integrated compliance programs for the CUSO/IHC, as outlined in SR 08-81

U.S. regulatory expectations for FBOs regarding Compliance risk Dimensions of regulatory expectations

16


Scope of the CUSO/IHC Compliance Program

Scope of Compliance responsibility includes defined operational functions and independent risk oversight

1. The CUSO/IHC Compliance Function owns the CUSO/IHC Transactions with Affiliates Policy. The CUSO/IHC Finance unit is responsible for its implementation.

In Scope Compliance Activities

Applicable Regulations Compliance Regulations

(e.g., Regulation O, Regulation W, Bank Secrecy Act (BSA),

Regulation Z, Regulation B, U.S. federal and state insurance regulations,

broker-dealer regulation, French banking

regulations)

Out of Scope Regulations

Other Banking Regulations (e.g., regulations relating to

capital planning and adequacy, and liquidity

risk management)

Non-Banking Regulations (e.g., regulations relating to tax, employment, and the

environment)

Out of Scope Compliance

Activities

Transactions with Affiliates1

NOTE: Oversight from some independent risk function

required

Risk Inventory Risk Assessment

Risk Profile Setting and Monitoring

Annual Compliance

Planning

Compliance Policies and

Training

Surveillance, Testing &

Monitoring

Issue Management Reporting

Documents

Risk Management and Regulatory Examination/Compliance Seminar€¦ · BNP Paribas BNP Paribas USA, Inc. (IHC) BancWest Bank of the West First Hawaiian Bank BNP Paribas North America