Transforming organizations through skillful alignment of people, process and technology.
The Hilltop Companies


Regulatory Risk & Audit Strategy

Our Risk Management services address the risk of regulatory non-compliance and the strategy a client may take relative to a regulatory examination. Our proprietary risk management process assesses and identifies the types of non-compliance associated with a particular type of risk. In the case of Regulatory Risk, there are a number of key risks that banks, lenders, and loan servicers should address. We have identified the regulatory entities, requirements and compliance needs on our webpage – see Regulatory Compliance Audits.

Our risk process will incorporate the following steps:

  • Identify the population of regulatory compliance requirements
  • Assess the internal policies that document what and how the company will comply
  • Assess the internal processes that are executed to enable compliance
  • Assess the controls that are designed to ensure compliance
  • Test the processes and controls through initial walkthroughs and sample testing to formulate initial conclusions
  • Identify the requirements that have a higher risk of non-compliance given the above initial conclusions
  • Test these higher-risk areas in detail to determine the amount of non-compliance

After applying this risk management assessment process, The Hilltop Companies will be able to identify the higher-risk areas where regulatory non-compliance is more likely, the types of non-compliance that were observed, and some preliminary thoughts on what remediation efforts should be completed.

Further, our team will be in a position to provide some strategy for handling the regulatory examiners when they come in to perform their audits. Our audit strategy could include addressing the following:

  • How communications of the initial findings should be completed,
  • What policy, process, people and technology changes are planned to assist in ensuring compliance,
  • Additional or revised controls to be put in place,
  • Whether expanded testing should be done prior to the examination,
  • How results of such pre-exam testing should be provided,
  • Who the executives to communicate with examiners are,
  • Who the lead project resources might be to orchestrate the remediation efforts,
  • Whether engaging independent compliance audits makes sense from the examiners' perspective,
  • What other unique non-compliance issues there are and how to handle them.

We have experienced examinations where our client was not prepared for examiners – either pre-exam (not knowing what the examiners were going to look for) or post-exam (not being prepared to handle remediation efforts). Our risk management and compliance audit teams will collaborate to assist you with being ready and addressing the exam issues effectively.