BSA/AML/USAPA/OFAC

Triac is available to conduct an independent Bank Secrecy Act audit focusing on key required areas such as the adequacy of the bank’s BSA program, including internal controls, independent testing, proper designation of a BSA Officer and training for appropriate personnel, the bank’s completed CTRs, the exemption system, Suspicious Activity Reports and suspicious activity monitoring systems if used, monetary instrument sales tracking system, wire transfer procedures and practices, recordkeeping compliance systems, OFAC monitoring system and Customer Identification Procedures

Information Security Risk/Privacy (Gramm-Leach-Bliley Act)

Triac is available to assist financial institutions with adherence to Information Security Risk/Privacy audits. In general, we would assess the quality of the institutions compliance management policies and procedures for implementing the privacy regulation, specifically ensuring consistency between what the bank tells consumers in its notices about its policies and practices and what it actually does. We would evaluate such areas as the institutions use of internal controls and procedures for monitoring the institution's compliance with the privacy regulation, documentation of required practices and disclosures, adherence to the exercising of consumer rights, etc. We would utilize the FFIEC regulatory examination procedures for conducting such reviews.

General Operations Compliance

Triac is available to conduct general (or specific if desired) operations compliance audits focusing on the following regulations and their applicable requirements:

• Interest on Deposits (“IOD”)
• Expedited Funds Availability—Regulation CC and California Law (“EFAA”)
• Truth in Savings—Regulation DD (“TISA”)
• Right to Financial Privacy
• Electronic Fund Transfers—Regulation E (“EFTA”)

Lending Compliance Review

Triac is available to conduct general (or specific if desired such as a review of lending files for adherence to flood status determination and insurance adherence) lending compliance audits focusing on the following regulations and their applicable requirements:

• Truth in Lending Act—Regulation Z
• Equal Credit Opportunity—Regulation B
• Fair Credit Reporting
• Credit Practices Rule—Regulation AA
• Consumer Leasing—Regulation M
• Home Mortgage Disclosure Act (HMDA)—Regulation C
• Flood Disaster Protection Act
• Real Estate Settlement Procedures Act
• Soldiers and Sailors Civil Relief Act

HMDA Scrub and Data Submission Audits

Triac is available to conduct an FFIEC-mandated quality and validity checks on data using both electronic and file analysis of key components. Triac is also available for annual data submissions, geocoding, and training/systems implementation with respect to HMDA.

Non-Deposit Investment Product (NDIP) Audit

Triac is available to assist financial institutions in conducting an audit of its non-deposit investment product program. This audit would draw upon the key elements from the Federal Reserve Board’s Examination Procedures (Supplemental 4) for such products (Section 4170.1, 4170.2 and 4170.3). This would include such areas as compliance with guidelines addressing the authorization to offer retail sales & your program management, adequacy of your product and third-party affiliation selection, adequacy of efforts to maintain adequate privacy over related information, contingency planning efforts, adherence to disclosures, advertising and “settings and circumstances” requirements, compliance with designation, training and supervision of personnel requirements, and compliance with suitability, sales practices, and compensation practices.

Branch Operations Audits

Triac is available to conduct branch operational audits focusing on such areas as protection of physical assets, signing authority, segregation of duties, cross training adequacy, security measures and minimum security devices, accounting controls and use of prenumbered documents, wire transfer controls and recordkeeping, safe deposit box controls, inactive/dormant account controls, escheat procedures, taxpayer identification requirements (W-8BENs and W9s), and ACH Operating Rules adherence.

Branch or Central Note Department Audits

Triac is available to conduct branch note department audits (typically in conjunction with branch operational reviews or separately as a central note department audit) focusing on such areas as loan document preparation, lending policy adherence, segregation of duties adherence, and supervisory adequacy.

Human Resources Department

Triac is available to conduct “HR” audits in conjunction with Internal Routine and Controls Audits. These include review of policies and procedures, adherence to formal policies and procedures regarding hiring, performance evaluations, resignations and/or terminations, review of employees’ time sheets, payroll settlement and payroll system reports, inspection of employee personnel files for proper documentation, review of job employment advertisements, timeliness and support.

Accounting Department

Triac is available to conduct accounting department audits focusing on such areas as accounting entries and recordkeeping practices, knowledge of accounting principals by personnel, use of segregation of duties, and compliance with established policies.

Management Information Systems (MIS)

Triac is available to conduct Management Information Systems audits on behalf of the bank. The audit can be broad-based with emphasis on those areas deemed appropriate by the bank's Audit Committee. The audit can encompass applicable aspects including the adequacy of the bank’s wholesale or large-dollar funds transfer systems, payments transfer systems, Networks/Teleprocessing, data and physical security, networking and Client/Server systems control, FedWire wire transfer functions (EFTs, Executive Banking and Automated Clearing House (ACH), IS services provided to external users or received from external sources, IS controls in user-departments, establishing microcomputer controls and developing and testing a disaster recovery plan, backup and off-site storage controls of critical information and inventory control on the hardware software, security measures for the physical security of restricted area, key locks on machines, removing and securing data files, access controls for passwords, encryption of data on the disk, use of dial-up equipment and read only attributes to the files, segregation of duties in maintaining, monitoring, and supervising data base management activities, procedures adherence to allow recovery of the database, adequacy of data security measures employed to ensure against unauthorized access of data and/or changes to it, use of physical/environmental controls, computer operations standards and procedures and compliance with them, reporting mechanisms used by data center management to monitor IS operations.

Policy and Procedural Manual Review

Triac is available to conduct on or off-site reviews of a bank’s procedural manuals to determine wheteher they are complete and current and to identify deficiencies, if any. We have written many policies that are available to augment an institution’s policies if deficiencies are noted. We can also streamline policies, assist in the organization of policies including assisting in the implementation of electronc navigation and access to policies and procedural manuals.