In our previous blogs on foreign banking organizations (FBOs), we highlighted our thoughts on some of the next set of challenges for large FBOs following the July 1, 2016 compliance deadline to establish Intermediate Holding Companies (IHCs). We recognize the long road to operationalizing run-the-bank (RtB) processes has just begun and the true “use” tests of the IHCs and their combined US Operations will be unfolding for some time. FBOs have experienced a significant period of change for more than three years, and the baton has now been passed from large change programs to implementation programs. The focus has shifted to embedding the IHC/Regulation YY requirements into businesses to execute, control functions (i.e., second line functions) to monitor and test, and internal audit to validate.
It is critical that FBOs operationalize and then sustain their RtB processes, and reinforce and/or enhance the Three Lines of Defense (3 LoD) governance models currently in place. The ability of these functions working end-to-end and across siloes to do their jobs will be a critical point for enabling risk identification, monitoring and mitigation, ensuring a robust risk and compliance culture, and providing a US-centric view of the FBO’s operations and risk profile. The regulatory spotlight, especially over the course of the next year, will be on risk, compliance and internal audit, and the effectiveness of these second and third lines of defense to identify whether the processes are working.