Governance and Trust Committee Structure

FIRMA 21st National Training Conference

Julia Fredricks, SVP - U.S. Chief Compliance Officer, Harris Financial Corp

April 18, 2007


Agenda

Purpose and design of board and management committees

Expectations of regulators

Committee structure example

Advantages/disadvantages to different structures

Key accountabilities, members, and responsibilities of committee

Useful tools/protocols

Balancing needs of separate legal entities governed by different regulatory agencies

Governance and Trust Committee Structures

Strong management and board oversight is a key element to a strong internal control and risk management structure.

A strong governance and trust committee structure both at the management and the board level allows for effective oversight and is indicative of a commitment to risk management and internal control.

The Fed, the OCC, and the OTS expect institutions with trust powers to have active executive management and board involvement. The SEC expects a strong “culture of compliance”.

For complex organizations, I believe this is managed most effectively through a committee structure. This should be customized at each institution in terms of design and activities, lines of business, and legal entities.

Expectation of Primary Regulator - OCC

Board and Senior Management have key responsibilities

Must recognize their responsibility to provide proper oversight of asset management activities, and the official records of the board should clearly reflect the proper discharge of that responsibility.

Must understand the asset management business, how asset management activities affect the bank’s position and reputation, the bank’s regulatory environment, and other external market factors.

Establish the strategic direction, risk tolerance standards, and ethical culture for asset management activities.

Adopt and implement an adequate and effective risk management system.

Monitor the implementation of asset management risk-taking strategies and the adequacy and effectiveness of the risk management system in achieving the company’s strategic goals and financial objectives.

Senior Management responsibility for effective risk management systems

Ensure the development and implementation of an adequate and effective risk management system composed of risk assessment, control, and monitoring processes.

Board of Directors and Senior Management Commitment

Establish and guide the strategic direction for asset management activities by approving strategic and financial operating plans.

Create a risk management culture that promotes strong ethics and an environment of responsibility and accountability that is fully accepted within the banking organization.

(Asset Management Comptrollers Handbook December 2000)

Expectation of Primary Regulator - FED

Board of Directors key responsibilities

Approve overall fiduciary business strategies and policies including those related to identifying, measuring, monitoring and controlling fiduciary risks.

Understand the nature of the risks significant to their organization and ensure that management is taking the steps necessary to manage these risks.

Senior Management key responsibilities

Implement approved strategies in a way that will limit fiduciary risks and ensure compliance with laws and regulations

Fully involved in the fiduciary activities of their institution

Have sufficient knowledge of all fiduciary business lines to ensure that necessary policies, controls and risk monitoring systems are in place and that accountability and lines of authority are clearly set forth

Ensure that its lines of fiduciary business are managed and staffed by persons with knowledge, experience, and expertise consistent with the nature and scope of the organization's fiduciary activities

Before offering new services or introducing new products, identify fiduciary risks associated with them and ensure that internal controls are in place to manage the service or product and the accompanying risk

Approve appropriate policies, procedures, recordkeeping systems and reporting systems to support the fiduciary activities and to help measure and monitor risks

Establish procedures to keep informed about changes in fiduciary activities and the associated risks

(SR 96-10 (SPE) April 24, 1996 - Risk-Focused Fiduciary Examinations)

Expectation of Primary Regulator - OTS

Responsibilities of the Board of Directors and Management

hiring and retaining competent personnel

ensuring that adequate management is in place to control risks

instituting adequate policies, processes and controls that consider the size and complexity of the savings association’s trust and asset management activities

establishing effective risk monitoring and management information systems

Directors are responsible for retaining and performing general supervision over the exercise of trust powers

Directors must be sufficiently independent of corporate affiliates and personal conflicts of interest to properly serve the interests of the savings association

Directors are responsible for the prudent investment and disposition of property held in a fiduciary capacity

ensuring that an annual audit is conducted

ensuring that a record of pending litigation is kept

The board should ensure that the trust department’s management information and data processing systems are adequate to provide the type and quantity of reports necessary to assess and monitor the trust department’s performance

The board should ensure that corrective action is effectively implemented when deficiencies are reported

(OTS Trust and Asset Management Handbook)

Expectation of Primary Regulator - SEC

The Advisers Act incorporates an adviser's fiduciary duty under Section 206, and envisions that, in whatever factual scenario, the adviser will act in the best interests of his clients. As a fiduciary, an adviser is held to the highest standards of conduct and must act in the best interests of its clients.

Compliance Program rule, Rule 38a-1, requires board approval of the fund's policies and procedures and those of each investment adviser, principal underwriter, administrator, and transfer agent of the fund, and requires an annual report by the Chief Compliance Officer to the board.

Recent Investment Advisor request letter suggests that active management and Board involvement is an inherent expectation:

“Registrant’s overall process for and commitment to establishing and maintaining an effective compliance culture (its “tone at the top”).”

“A copy of the minutes of any risk committee meetings that were held during the inspection period. Please note that advisors are not required to have a risk committee.”

“Copy of risk management reports that show/illustrate the measures used to manage risks in client accounts, such as leverage, beta, concentration, and performance attribution analysis”.

“Copy of investment management committee minutes”.

Board and Management Committee Structure – Example

Board of Directors

Fiduciary and Investment Risk Management Committee

Bank Investment Policy Committee

Subsidiary Investment Policy Committees

Code of Ethics Compliance Committee

Proxy Advisory Committee

Directors Trust Committee

Board Committee Structure – Example

Directors Trust Committee responsibility:

The DTC is responsible for performing duties to enable the Boards of Directors to fulfill their oversight responsibilities in relation to: oversight, including proper risk management and control, of the operation of fiduciary activities of subsidiaries, and oversight, including proper risk management and control of the operation of non-fiduciary investment related activities of the subsidiaries. In addition, certain fiduciary and non-fiduciary activities of subsidiaries are organized and managed in a manner that is closely intertwined with the activities otherwise within the purview of the Committee. This Committee shall oversee such activities to the extent of such interrelationship. The DTC is granted the authority to define the general scope, content, and direction of fiduciary and non-fiduciary investment-related products and services for the organization.

Key reporting items: Material Risks, Emerging Risks, Significant Events, Near misses

Management Committee Structure – Example

Fiduciary and Investment Related Activities Risk Management Committee (FRMC)

The Fiduciary and Investment Related Activities Risk Management Committee is established to serve as a forum to review, inform, consult, discuss, and approve significant risk issues and action plans addressing current and emerging risks that arise in the course of executing the organization’s strategy in trust, probate, guardianship, conservatorship, and certain investment management, investment advisory, securities and custody activities. It is established to ensure major risks arising from these activities are understood, quantified, documented, mitigated where appropriate, and constrained by policy and directives as necessary in order to balance risk and return in such activities and businesses.

Key reporting items: Material Risks, Emerging Risks, Significant Events, Near misses

Management Committee Structure

Committees can be structured by department, by legal entity, or by holding company.

By Department or Legal entity:

Advantages:

Allows for focused discussions on key topics

Allows for open communication

More control over committee dynamics

Disadvantages:

Lack of independent view or assessment of issues

Limited ability to escalate issues

Lack of tie to board of directors

Potentially significant issues may not receive appropriate level of attention

Management Committee Structure (cont’d)

By holding company:

Advantages:

Particularly in light of “Enterprise-wide Risk Management”, a committee that crosses legal entities and department boundaries becomes a useful tool

The risks of one line of business could affect another – open discussion allows for more complete analysis and assessment

What may be an acceptable risk at one level may be unacceptable when aggregated at a higher level

Exam experiences can be shared across entities

Can be used as a precursor to the holding company board meeting

Disadvantages:

Additional examiner scrutiny and potential scope creep

Management may not be comfortable holding open and frank discussions in presence of other LOBs or legal entities

Meeting dynamics may become difficult to manage

Potentially opening more information to discovery inquiries in litigation against one legal entity

Key Committee Accountabilities and Responsibilities

Provide oversight:

Governance

Approve policies, directives, standards

Approve new and modified products, initiatives, services, and distribution channels

Review of assessments used to determine adherence to policies, operating procedures, and strategic initiatives

Review management reports on operational and performance results

Cross-enterprise view of topics

Key elements to be discussed/considered by committee:

Significant risk issues and management strategies;

Significant changes in strategies, products, services, and distribution channels;

Significant changes in organization, policies, controls, and information systems; and

External factors that are affecting services.

Key Committee Accountabilities and Responsibilities (cont’d)

Escalate issues:

Review of material risks, emerging risks, significant events, and near misses

Committee used as a forum to facilitate the resolution of risk issues. Issues arise from:

Risk and Control Self Assessments (“RCSAs”); Audits, exams, compliance reviews; new or modified product recommendations; changes in laws or regulations; Code of Ethics; Conflicts of Interest; or Litigation

Issues may not be significant at lower level subsidiary or department, but when viewed in aggregate, trends may emerge or issue becomes more prominent

Committee assesses the responsiveness to deficiencies and the effectiveness of corrective action and follow-up activities

The Committee then escalates to: Board, Executive Management, CEO

Key Committee Accountabilities and Responsibilities (cont’d)

Fix accountabilities

Each issue raised is assigned an accountable executive.

Ensures resolution of significant items

Issues are tracked through to resolution

Report activities that will be escalated to the board committees

Allows forum to review Board materials to ensure they are appropriate, complete, accurate

Key Members

Who your key members are is determined by the scope of the committee – some examples:

Management of areas with fiduciary risk or asset management responsibilities

Institutional Trust Custody Land Trust Personal Trust Employee Benefit Plan area Insurance Safekeeping Retail broker/dealer Investment advisor Proprietary mutual funds Operations

Management of Corporate Support Areas

Fiduciary Risk Management Fiduciary Counsel Compliance Audit – key “permanent guest”

Useful Tools/Protocols

Timing of meetings: Useful to be 1-2 weeks prior to Holding Company board and committee meetings

Materials provided to members no less than 3 days prior to meeting to allow for review

Open items list:

Reports to be presented to provide status on outstanding items

Outstanding audit, RCSA, exam, compliance issues

Calendar/Standing agenda including, at a minimum, periodic reports from: Corporate Audit; Corporate Compliance; Legal; Risk Management; Operations – operational risk issues; Line of Business – performance issues/status

Attendance list, reports of attendance

Minutes

Open Items List Example

| Date of Meeting | Individual Responsible for Item | Original Date Due | Revised Due Date | Source of Item (Audit, Exam, Compliance monitor, RCSA, other (specify)) | Action Item | Status of Item |
| --- | --- | --- | --- | --- | --- | --- |
| 02/15/07 | J. Smith, Fiduciary Counsel | 05/17/07 | n/a | Regulatory Development | Assess impact of Regulation R – Broker Push Out Rules and assign responsibility for each unit impacted | Meetings have begun. Update to be provided |
| 11/15/06 | F. Jones, COO XYZ Subsidiary | 02/15/07 | 5/17/07 | Exam Issue (SEC Exam of XYZ subsidiary dated 10/31/06) | Ability to readily retrieve emails of employees criticized. Automated solution to be implemented. | Implementation more time consuming than anticipated. Extension to 05/17/07 requested. |

Annual Calendar Example

FRMC -- 2007 PLANNER

| AGENDA ITEMS | 15-Feb-07 | 17-May-07 | 16-Aug-07 | 15-Nov-07 |
| --- | --- | --- | --- | --- |
| REVIEW OF MINUTES | | | | |
| Approval of Minutes | X | X | X | X |
| Review of sub-Committee minutes | X | X | X | X |
| STANDARD AGENDA ITEMS | | | | |
| Emerging Issues (as required) | X | X | X | X |
| Report of Chief Auditor | X | X | X | X |
| Report of General Counsel | X | X | X | X |
| Report of Chief Compliance Officer | X | X | X | X |
| Report of Chief Risk Officer | X | X | X | X |
| Review of 90 Day Write-Off and Recovery Report | X | X | X | X |
| Quarterly Differences and Losses | X | X | X | X |
| AGENDA ITEMS UNIQUE TO A PARTICULAR MEETING(S) | | | | |
| Business Unit Report of Activities | | | | |
| - Personal Trust | X | | | |
| - Investment Advisor Subsidiary | | X | | |
| - Broker/Dealer sub | | | X | |
| Policies and Procedures Update | | | | X |
| Assessment of New Products and/or Services | As Needed | As Needed | As Needed | As Needed |

Sample Report – Report of Chief Compliance Officer

Chief Compliance Officer utilizes this as a precursor to reporting to the Audit Committee. Information is provided in slightly more detail, discussions are more detailed, and focus for this committee is fiduciary activity only.

Top 3 issues identified or being monitored

Results of compliance monitor activities

Information on Compliance training

Legislative and Regulatory Developments

Communication with Regulators – Exam activities

Summary of Corporate Audit and RCSA reports impacting Compliance

Balancing needs of separate legal entities governed by different regulatory agencies

In large complex banking organizations, it is not uncommon to have subsidiaries governed by the OCC, Fed, SEC, NYSE, NASD, and potentially others.

Can be managed through dual reporting structures – one line to the corporate group, one line to the legal entity executive

Assess issues and risks at the entity level, then secondarily assess their impact on the line of business and organization as a whole

Utilize knowledge gained from exams and audits in one subsidiary to perform an assessment of other subsidiaries prior to their own exam or audit.

Ensure there is strong communication and reporting between the entities and the corporate area consolidating the information – impress upon the subsidiary the usefulness of being part of a larger organization

Be cautious/wary of subsidiaries that wish to operate autonomously, who are not forthcoming, who do not recognize that they are part of a larger organization