The scale of both financial crime and regulatory enforcement continues to increase. Accordingly, having effective policies, procedures and internal controls, and complying with regulatory requirements, is critical for preventing, detecting, responding, and remediating fraud, waste, abuse, and misconduct. Our subject matter expertise, independence and objectivity are paramount to achieving successful outcomes.

Financial Crimes Compliance

Stout understands the ongoing compliance and regulatory issues related to the Bank Secrecy Act (BSA), USA PATRIOT Act, Anti-Money Laundering (AML), Counter-Terrorism Financing (CTF), and Office of Foreign Assets Control (OFAC) Sanctions laws, regulations, and best practices.

We regularly work with financial institutions of all types and sizes including, but not limited to, diversified national and global banks, regional banks, community banks, credit unions, bankers' and correspondent banks, money services businesses (including those dealing with virtual currencies), fintech, casinos, broker-dealers, precious metals dealers, credit card operators and payment processors, and loan and finance companies.

We regularly assist clients with:

• BSA/AML and sanctions program, policies and procedures design, assessment and implementation support
• BSA/AML department structure, governance and staffing capabilities assessments
• BSA/AML sanctions risk assessments
• Employee and board training
• KYC On-Boarding, CDD/EDD, beneficial ownership, customer risk model
• Transaction Monitoring & sanctions systems selection, implementation, model risk management and tuning support
• Independent model validation
• NYDFS 504 compliance assistance and testing
• Staff augmentation and outsourced assistance including CDD and EDD reviews, alert investigations, and SAR drafting
• BSA/AML and sanctions independent testing
• Anti-bribery and corruption/Foreign Corrupt Practices Act
• Fraud Controls Reviews

Regulatory Compliance & Monitoring

Stout’s team understands the ongoing compliance, regulatory examination, and enforcement process, expectations, and pressures for financial institutions. We offer a comprehensive suite of regulatory compliance and monitoring services designed to help organizations with preventing, detecting, responding, and remediating negative examination findings, regulatory scrutiny, fraud, misconduct, identity theft, data breaches and other illegal acts.

Our services include, but are not limited to:

• CARES Act loan reviews
• Regulatory remediation including consent order remediation/issue validation/lookbacks
• Outsourced regulatory compliance and monitoring assistance
• FACTA/identity theft controls
• Data privacy – GLBA, CCPA, GDPR
• DFS 500 cybersecurity assessments
• Cybercrime controls
• Vendor due diligence
• Litigation and regulatory enforcement support
• Expert witness services

Governance, Risk, and Compliance (GRC) Advisory

Governance, Risk, and Compliance (GRC) controls are crucial for financial institutions in assuring reliability of operations and achievement of business results. GRC controls provide the necessary framework for business direction, oversight and monitoring, help identify areas where operational, technology and compliance risks need focused attention and enhancement, and assist institutions in managing increased regulatory scrutiny and avoid enforcement actions. Stout’s professionals include Certified Public Accountants, Certified Fraud Examiners, Certified Internal Auditors, Certified Information Systems Auditors who are strong subject matter experts in assisting financial institutions in establishing, assessing, monitoring, testing and enhancing GRC controls.

Our GRC advisory services include:

• Policy procedure design, review, enhancement, monitoring
• Controls self-assessments & controls monitoring and testing
• Co-sourced risk based internal audit support services and Quality Assurance Reviews (QARs)
• Special projects – compliance reviews, independent loan reviews, product, customer risk assessments
• GRC tools/audit automation
• Digital and social media risks
• Email surveillance and business email compromise
• General IT risks and controls self-assessments