Regulatory and Compliance Arena Under Enterprise Risk Management

Redmond Worldwide, Inc is well experienced in the current Regulatory Standards. Failure to comply with Regulatory  Requirements can result in fines, imprisonment, possible civil litigation, and the risk of damage to reputation. Rules also apply to business partners.

Redmond Worldwide, Inc. can help you by providing:

• A framework for awareness and understanding
• Review of  new standards and impacts on the organization
• Evaluation of Entity current state of compliance with new regulations
• Roadmap for implementing the corrective actions
• Develop compliance strategies
• Design and implement strategic solutions
• Provide and ongoing analysis of compliance with standards

We recommend having Redmond Worldwide conduct a Gap Analysis of your Regulatory Processes. We can help your organization meet its Regulatory Requirements by first conducting a Gap Analysis and then completing all of the necessary documentation for your Organization.

• Regulatory Gap Analysis

• Regulatory Impact Analysis

• Regulatory Strategy

• Regulatory Check List

• Regulatory Plan

Regulations and Practices

• Approaching Enterprise Risk with a 360 degree process
• Are you prepared to meet the regulatory requirements in 2005
• Combining the findings and solutions to meet both the Emergency Management and Business Continuity Programs as well as sections of Sarbanes Oxley and ISO

Approaching Enterprise Risk  with a 360 degree process

• Application Management
• Business Continuity Management
• Business Process Reorganization
• Construction and Building Risk Management
• Crisis Management
• Emergency Management
• High Availability
• Information Security
• ISO Service Offerings

Are you prepared to meet the regulatory requirements in 2005?

Why the Regulatory is Stricter

• Prior to 911, a Gartner report stated that “two out of every five companies that experience a disaster go out of business within 5 years”
• According to a presentation given by the Port Authority, 43% of companies experiencing a disaster never reopen, and 29% of the remaining close within two years.

Regulatory Response

• Enhancing Financial System Mitigation
• Concentrations, both market based and geographic, intensified the impact of operational disruptions
• Wide scale breakdowns leads to significant liquidity bottlenecks
• Interdependence among financial system participants

Accounting Irregularities and Financial Abuses

• Enron
  Complex special-purpose entities to hide billions of dollars in debt. Inflated operating cash flows, disguised debt instruments as equity
• World Com
  Conceals $9 Billion in expenses, all converted into false profits
• Health South
  Massive Fraud – Fabricated $2.74 billion in earnings, $500 million from improper practices
• Parmalat
  $5 billion held in a BoA account by a Cayman Island unit was a forgery, Non-existent bond repayment
• Global Crossing
  Revenue not based on Generally Accepted Accounting Principles (GAAP)
• Disney
  Willfully destroyed 40 boxes of documents related to a royalty dispute

Financial Action Task Force (FATF) – Efforts to Detect and Prevent Terrorist Financing

• Develop Practices and Procedures to protect being used as a vehicle by Financial Criminals
• Increase Scrutiny of Tainted Transactions When Necessary …Retrieval of customer documents within a three day deadline is recommend

Redmond Worldwide, Inc is well experienced in the current Regulatory Standards. We recommend having Redmond Worldwide conduct a Gap Analysis of your Regulatory Processes. We can help your organization meet its Regulatory Requirements by first conducting a Gap Analysis and then completing all of the necessary documentation for your Organization.

• Regulatory Gap Analysis

• Regulatory Impact Analysis

• Regulatory Strategy

• Regulatory Check List

• Regulatory Plan

Regulatory Implementation

• Check 21

• New Basal Accord II
• Sarbanes-Oxley
• Gramm-Leach-Bliley Act
• FIPS 199 Federal Information Processing Standards Publication Standards For Security
• FFIEC
• PATRIOT ACT
• HIPAA
• NASD
• NYSE
• NFPA 1600
• NAIC (National Assoc Insurance Commissioner)

We are also up to date on the following for International Clients

• Nat’l Future Assoc Compliance
• Australian Standard BCP Guidelines
• Monetary Authority Singapore BCP Guidelines
• UK Trumbull Report (Financial Services)
• US Financial Services Authority (FSA-handbook systems and control)

New Regulation October 2004

The check Clearing for the 21^st Century Act, or Check 21, requires banks, started in October, to present electronic images of checks rather than paper checks for clearing.

New Basal Accord II

• Banks for International Settlement
• Fosters strong emphasis in Risk Management
• Increasing Risk Sensitivity
• Operational Risk is the core of Basil II
• Operational Defined as:
• Risk of losses from inadequate or failed internal processes, people, and systems or external events
• Implementation Date Year 2006
• Required to have about 3 years of data
• Builds Reward for Stronger More Accurate Risk Measures
• Failure will force more capital reserves than previous Basil
• Requires Significant Investment in Technology

Sarbanes-Oxley Auditing

• Created by Public Company Accounting Oversight Board (PCAOB)
• Section 404 – “If auditors find a weakness in a companies internal control structure, as defined by Sarbanes-Oxley, they must post a failing grade
• Section 409- Reporting Material Changes in Financial or Operating Conditions
• SEC Mandates that outside auditors attest to companies financial reports and disclosure controls and procedures
• Limits the services that Audit Firms can offer to clients
• Penalties up to Ten years in jail for violations

Gramm-Leach-Bliley Act of 1999

Government Compliance Guidelines

US Federal Government is drafting guidelines for Federal Agencies

• First Classify Risks
• Second Identify types of information and systems appropriate for each category of data
• Third Minimum Sets of Security Controls for each defined category of information and systems

FFIEC

Latest thinking and best practices on which financial institutions are regulated and examined against. The FFIEC is a formal interagency body empowered to prescribe uniform principles, standards, and report forms for the federal examination of financial institutions by the Board of Governors of the Federal Reserve System (FRB), the Federal Deposit Insurance Corporation (FDIC), the National Credit Union Administration (NCUA), the Office of the Comptroller of the Currency (OCC), and the Office of Thrift Supervision (OTS), and to make recommendations to promote uniformity in the supervision of financial institutions. FFIEC issuances and guidelines have frequently served as a reference for some of the leading technology risk and data security publications and studies.  

PATRIOT ACT

New Requirements — Severe Penalties
USA PATRIOT Act Section 326 imposes new requirements on how organizations screen existing customers and process new customer information. By October 1, 2003, all financial services organizations must have in place procedures for:   

1.  Customer Screening — On a regular basis, customers and transactions    must be matched against government-provided lists of suspected terrorists, drug traffickers, money launderers and other criminals 

2.  Customer Information Program (CIP) — On all new customers, basic identification information must be obtained to verify the customer's identity Failure to comply can result in penalties of up to $1 million, and/or imprisonment.

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPPA)

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was signed into law on August 21, 1996. This law includes important new protections for millions of working Americans and their families who have preexisting medical conditions or might suffer discrimination in health coverage based on a factor that relates to an individual's health. HIPAA's provisions amend Title I of the Employee Retirement Income Security Act of 1974 (ERISA) as well as the Internal Revenue Code and the Public Health Service Act and place requirements on employer-sponsored group health plans, insurance companies and health maintenance organizations (HMOs).

HIPAA includes changes that:

• limit exclusions for preexisting conditions;
• prohibit discrimination against employees and dependents based on their health status;
• guarantee renew-ability and availability of health coverage to certain employers and individuals; and
• protect many workers who lose health coverage by providing better access to individual health insurance coverage.

NASD

NASD regulates the securities industry and virtually all U.S. stockbrokers and brokerage firms.

News Headings:

NASD Files Enforcement Action Against Sigma Financial For Harassing Clients, Violating Arbitration Code (04/28/04)NASD Proposes Specific Requirements for Deferred Variable Annuity Sales (04/26/04)NASD Proposes Increasing Sale Data On Corporate Bonds For Dissemination To Public Through TRACE (04/22/04)NASD Fines Long Island Brokerage Firm David Lerner Assoc. $100,000 for Prohibited Mutual Fund and Variable Product Sales Contests (04/12/04)

• The New York Stock Exchange (NYSE) and the National Association of Securities (NASD) developed two virtually identical measures covering business continuity and contingency plans. The NYSE's version, known as Rule 446, and the NASD's Rules 3510 and 3520, received expedited approval from the SEC. While the rules affect only NYSE and NASD member firms, they still serve as valuable guidelines to businesses worldwide

• Rule 446, which went into effect on August 5, 2004, requires NYSE members and member organizations "to establish and maintain business continuity and contingency plans relating to an emergency or significant business disruption." Furthermore, it requires the plans be "reasonably designed to enable it [the business] to meet its existing obligations to customers, and address existing relationships with other broker-dealers and counter-parties."

• Regardless of the size of the member company, NYSE Rule 446 and NASD Rules 3510 and 3520 outline a set of 10 minimum requirements that must be addressed. These are:

• Books and records backup and recovery (hard copy and electronic).

• Identification of all mission-critical systems and backup for such systems.

• Financial and operational risk assessments.

• Alternate communications between customers and the firm.

• Alternate communications between the firm and its employees.

• Alternate physical location of employees.

• Critical business constituent, bank and counter-party activity.

• Regulatory reporting.

• Communications with regulators.

• How the member or member organization will assure customers prompt access to their funds and securities in the event the member or member organization determines it is unable to continue its business

NFPA 1600

• NFPA 1600 is a “Standard on Disaster/Emergency Management and Business Continuity Programs” is the National Preparedness Standard for all organizations, including governments and businesses

• The American National Standards Institute (ANSI) recommended to the 9-11 Commission on April 30, 2004 that NFPA 1600, Standard on Disaster/Emergency Management and Business Continuity Programs, be recognized as the national preparedness standard

• NFPA 1600 is considered by many to be an excellent benchmark for continuity and emergency planners in both the public and private sectors.        

• The standard addresses methodologies for defining and identifying risks and vulnerabilities and provides planning guidelines which address:

• Stabilizing the restoration of the physical infrastructure

• Protecting the health and safety of personnel

• Crisis communications procedures

• Management structures for both short-term recovery and ongoing long-term continuity of operations

• Program Management

• Laws and Authorities

• Hazard Identification and Risk Assessment

• Hazard Mitigation

• Resource Management

• Mutual Aid

• Planning

• Emergency Operations

• Mitigation Plan

• Business Impact Analysis

• Recovery Continuity Plan

• Direction Control and Coordination

• Communications and Warning

• Operations and Procedures

• Logistics and Facilities

• Training

• Exercises, Evaluations, and Corrective Actions

• Crisis Communication, Public Education and Information

• Finance and Administration