Insider Activities

Processes

Conclusion:

Internal operating procedures and information systems (are, are not) effective in enabling management to comply with laws and regulations as well as avoiding even the appearance of preferential treatment regarding insider activities.

Objective: To ensure that the bank’s operating procedures and information systems are adequate to enable management to comply with laws and regulations and board-established policies regarding insider activities.

1.

  1. Review bank management information systems, and determine whether they:

    • Can provide aggregate data on insiders and their related interests.

    • Can ensure proper monitoring of, and compliance with, insider lending restrictions (see 12 CFR 215.8 for record keeping requirements).

    • Require that reports on insiders be retained for at least three years (12 CFR 215.22(d)).

    • Require that records of publicly requested disclosures of information be retained for two years from the date of the request (12 CFR 31.2(a) and 215.23(b)).

  2. Determine whether the bank has established communication channels outside the normal chain of command through which employees can seek advice on ethics or compliance questions.

  3. Determine whether the bank’s employment practices include performing periodic background checks on insiders.

  4. Determine whether insider-related reports are being reviewed by management and the board.

Previous: Quality of Risk Management Next: Personnel