Regulatory Compliance

The demand for comprehensive and affordable compliance services is rapidly growing. GCPA is one of the most comprehensive providers of internal audit, consulting, and compliance services to the financial services industry. Our knowledge and expertise allow us to offer services that typically require the use of multiple companies to deliver.

Our regulatory compliance services include internal audit and consulting support for the following areas:
- Sarbanes Oxley (SOX) Act Compliance
- Gramm Leach Bliley Act (GLBA) Compliance
- Bank Secrecy Act/Anti-Money Laundering (BSA/AML) Compliance
- Deposit, Loan, and Community Reinvestment Act (CRA) Compliance

These laws and regulations have emerged to prevent repeated corporate scandals, protect the integrity of enterprise-owned information, and ensure customer privacy. Specific information related to these acts includes:

SOX – The Sarbanes-Oxley Act of 2002 requires strict internal controls and independent auditing of financial information as a proactive defense against fraud, with potentially serious civil and criminal penalties for noncompliance.

GLBA – The Gramm-Leach-Bliley Act of 1999 requires financial institutions to create, document, and continuously audit security procedures to protect the nonpublic personal information of their clients, including precautions to prevent unauthorized electronic access.

Security is a crucial part of protecting consumers’ personal nonpublic information processed electronically by financial institutions under GLBA. According to the Act’s Safeguards Rule, financial institutions must:

- Ensure security and confidentiality of customer information;
- Protect against anticipated threats or hazards to security or integrity of information; and
- Protect against unauthorized access to or use of the customer information.

The Act requires financial organizations to create a comprehensive, written Information Security Program. Guidelines specify seven steps for development and implementation, and nearly all require ongoing risk assessment.

GCPA provides Information Technology and Business Process audit and consulting services that facilitate the implementation and compliance process. We are able to assist in performing the risk assessment and identifying the key controls needed to meet the regulatory and compliance requirements. We also provide guidance and deliverables that aid ongoing compliance in subsequent years.

BSA/AML – This act requires that each financial institution determine that an effective compliance program has been implemented and designed to ensure and monitor compliance with the recordkeeping and reporting requirements of the Bank Secrecy Act (BSA) and its anti-money laundering (AML) regulations.

Our BSA/AML assessments address the integrity and effectiveness of the Bank’s BSA/AML Compliance Program based on established policies, procedures, processes, and selected samples of transactions during the period of examination. The assessments are executed using a risk-based approach considering the organization’s size, complexity of operations, risk profile, and use of technology. We utilize the requirements outlined by the Federal Financial Institutions Examination Council (FFIEC) BSA/AML Examination Manual to guide our assessments. These assessments are designed to assist the organization’s Board of Directors and senior management by identifying potential areas of weakness or matters requiring stronger internal controls or increased management focus.

Mortgage Loan Quality Control Reviews

GCPA now provides quality assurance services related to mortgage loans that have been originated, purchased, or brokered by the lender. Our reviews comply with published FNMA, FHLMC, FHA, and VA guidelines. The review may be tailored to incorporate the Lender’s unique quality assurance requirements and to reflect the Lender’s internal policies.

Gray CPA, PLLC All Rights Reserved