Financial Institutions ConsultingQuality service. Personal attention.

Why Weaver? With more than 65 years of experience and a commitment to our financial institution clients, Weaver is established as a top-40 accounting firm in the U.S. and a premier provider of financial institutions consulting services.

Our practice delivers the following services:

⊲ Compliance review

⊲ Internal audit

⊲ SOX/FDICIA compliance

⊲ Information technology FFIEC and security reviews

⊲ Financial statement audit

Our clients include banks, loan originators, third-party services, mortgage companies, insurance companies, hedge funds and collection agencies, among others.

At Weaver, we’re passionate about client service. We provide creative and practical risk management solutions to help our financial institution clients thrive so they can focus on providing the highest quality of service to their customers.

2

3

Weaver’s Financial Institutions Consulting Services

Weaver’s team of seasoned CPAs, former bank regulators, former lenders, internal auditors and IT security professionals helps financial institutions manage the complex risks unique to the industry. Our extensive experience allows us to help clients assess strategic, financial, operating and compliance risks, and provide efficient solutions to mitigate loss and take advantage of opportunities.

Risk Assessment Services While some risks are inherent to any institution, others are not so obvious to recognize. Risk assessments help identify areas of exposure and are useful in determining response plans for risk mitigation. A well-thought-out risk response strategy enables senior management to better anticipate change and be more proactive in order to mitigate loss or take advantage of opportunities.

Given the numerous regulations that institutions are subject to, in addition to emerging risks, a robust risk assessment becomes a critical strategic management tool, as well as a key component of enterprise risk management. The following targeted risk areas may be appropriate for a separate assessment depending on an organization’s operating environment:

⊲ Strategic and enterprise risk management (ERM)

⊲ Lending and credit administration ⊲ Regulatory compliance ⊲ Fair Lending practices ⊲ Bank Secrecy Act/Anti-Money

Laundering ⊲ Internal audit ⊲ Operations ⊲ Sarbanes-Oxley/FDICIA

compliance

⊲ Community Reinvestment Act ⊲ Cybersecurity ⊲ Information technology ⊲ E-Banking ⊲ Information security/

Gramm-Leach-Bliley Act ⊲ Vendor management ⊲ Lobby operations ⊲ Interest rate and liquidity risk

4

Risk Assessment Services (continued...)Once an institution’s risks are identified, part of the response plan is to determine a control strategy using the Three Lines of Defense model for effective risk management:

⊲ Internal controls over functions that own and manage risk

⊲ Internal controls that monitor the first line of defense

⊲ Internal audit or independent assurance that monitors the first two lines of defense and ensures they are operating effectively

These activities help create a strong internal control environment, including a secure information systems environment.

⊲

Regulatory Compliance Audit Services Regulatory compliance audits are an essential component of an effective compliance management program. They are instrumental to objectively evaluating compliance with laws, regulations and the associated policies and procedures.

In tailoring our service approach, Weaver’s experienced consultants work to provide a risk-based compliance audit plan consistent with your institution’s size, complexity and risk profile.

Our approach to regulatory compliance audit services includes:

Understanding the operating environment and risk profile

Designing a risk-based audit plan focusing on key exposure areas

Providing regular status updates throughout the engagement process

Communicating findings and a remediation strategy to management

STEP 1

STEP 2

STEP 3

STEP 4

In addition to strengthening your existing compliance programs, an independent regulatory compliance audit helps your financial institution avoid costly non-compliance penalties. We address areas of concern through recommendations tailored specifically to your operating environment based on industry best practices. Once an appropriate remediation plan is developed, we will provide feedback and assistance if desired.

Key areas for review include:

⊲ Bank Secrecy Act/Anti-Money Laundering reviews ⊲ Fair Lending assessments ⊲ Lending and deposit compliance audits ⊲ Remote deposit capture reviews ⊲ Automated Clearing House ⊲ FFIEC IT and other IT security reviews ⊲ Other specialized audits

5

⊲

6

Mortgage Regulatory Compliance The emerging regulatory environment surrounding mortgage lending, combined with an increased focus on consumer advocacy by regulatory bodies, creates a substantial source of uncertainty. Financial organizations must stay on top of the fluid regulatory environment, and they need an experienced partner to guide them. Weaver can help.

Mortgage Compliance Services

⊲ Ability-to-pay determinations ⊲ Fair Lending compliance ⊲ RESPA obligation guidance ⊲ Loan originator compensation ⊲ Compliance risk assessments ⊲ Schedule implementation and maintenance ⊲ Appraisal disclosure compliance ⊲ HOEPA fulfillment

Specialized Audit Areas

⊲ Privacy compliance ⊲ Marketing programs and materials

7

Consumer Financial Protection Bureau (CFPB) ReadinessOur CFPB Readiness services assess exposure to risk and potential control gaps that help mitigate the risk of non-compliance with regulatory requirements. Our services include providing guidance and recommendations on remediation strategies to address exposure areas and strengthen internal controls. Our CFPB Readiness Assessment covers the following areas:

Compliance Management Assessment

⊲ Compliance management system (CMS) components ⊲ Board and management oversight ⊲ Compliance program ⊲ Policies and procedures ⊲ Training ⊲ Monitoring and corrective action ⊲ Vendor management and third-party relationships ⊲ Response to consumer complaints ⊲ Compliance audit and quality control

Operational Controls Assessment

⊲ Organizational responsibilities and evaluation of the three lines of defense ⊲ Policies and procedures ⊲ Quality control and exception management ⊲ Board of directors and management oversight ⊲ Segregation of duties ⊲ Assessment of fraud risk and related mitigating controls

Technology Assessment

⊲ Strategy and implementation ⊲ IT risk assessment ⊲ Application and system development ⊲ Internal network and application security ⊲ External security and threat assessment ⊲ Access to consumer information ⊲ Business continuity planning

8

Internal Audit Outsourcing and Co-SourcingOrganizations with strong governance and internal control employ sound processes for risk identification, risk response and monitoring of operating effectiveness within the control environment.

Our approach is flexible and tailored to meet the needs of our clients. We can supplement an existing internal audit plan by providing additional resources or expertise where needed. Alternatively, we can assist with an entity-wide risk assessment and work in tandem with the audit committee to address its concerns and develop a comprehensive internal audit plan.

Our internal audit methodology seeks first to understand the organization’s culture, operating environment and strategic objectives. We listen to feedback from management and/or the board to understand concerns and assess risks qualitatively. We use this information, coupled with evaluating quantitative metrics, to determine the significance of operating activities and related risks. In addition to evaluating risks currently impacting the organization, we assess emerging risks that can have an impact in the future. Using this approach helps our clients identify emerging trends and proactively establish risk mitigation strategies, if necessary.

Weaver’s risk model is designed to assist stakeholders in developing a risk rated internal audit universe, which identifies high exposure areas. The internal audit universe is used as the basis of the annual audit plan that outlines the frequency and scope of the internal audits to be performed.

When executing our internal audit methodology, we assess effectiveness of control processes using the Three Lines of Defense model for effective risk management:

⊲ Management controls and internal control measures ⊲ Risk control and compliance oversight ⊲ Independent assurance – internal audit

8

A9

Internal audit areas typically subject to review include

OutsourcingWhile maintaining objectivity and independence, outsourcing your internal audit function can provide technical proficiency related to core processes and assessments that may not be available in the organization. Additionally, this can help eliminate the constraints of managing, attracting and retaining internal audit staff, allowing management more time to devote to strategic and profit generating activities.

Co-SourcingInternal audit professionals are experienced in project planning, risk management, financial reporting, IT and operations. As specific skill set needs vary from one organization to another, augmenting your existing staff with assistance from Weaver will provide in-depth audit skills and industry knowledge that may not be available internally.

Review Risk Model

Review Risk Assessment of

Audit Areas

Set Timing of Internal Audit(s)

Perform Internal Audit Procedures

Report Findings

⊲ Risk assessment completeness ⊲ Internal audit plan completeness ⊲ Policies and procedures

completeness ⊲ Accounting and financial

reporting ⊲ Due from banks and borrowings ⊲ Investment portfolio ⊲ Interest rate risk management ⊲ Liquidity risk management ⊲ Lending

⊲ Mortgage lending ⊲ Warehouse lending ⊲ Branch operations ⊲ Deposits ⊲ Wire transfer ⊲ Human resources/payroll ⊲ Bank-owned life insurance ⊲ Non-deposit investment

products ⊲ Trust compliance and

operations

Internal audit activities focus on asset protection, loss prevention, compliance, internal controls and fraud. Key steps in our internal audit service methodology include:

10

IT Advisory ServicesOur IT advisory services evaluate the processes within your technology environment used to safeguard the integrity of your systems and your customers’ data. By evaluating your processes before an event occurs, management can significantly lessen the threat of financial loss from fraud or theft, productivity loss from system downtime, and the risk of compromising customer data and proprietary operating information.

IT AuditAn IT audit evaluates your financial institution’s information systems for potential vulnerabilities to external threats and internal compromise. A variety of state and federal regulations require independent verification of IT systems and controls, including:

⊲ Federal Deposit Insurance Corporation Improvement Act (FDICIA)

⊲ Sarbanes-Oxley Act (SOX) ⊲ Federal Financial Institutions Examination Council (FFIEC) ⊲ Gramm-Leach-Bliley Act (GLBA)

We are experienced in integrating our audit procedures to

enable our clients to demonstrate management’s assessment across multiple requirements.

Cybersecurity ServicesWeaver’s security services team will evaluate your systems, policies and procedures to identify where vulnerabilities may exist—either from external threats or from internal compromise. We offer several options when evaluating security procedures and vulnerabilities:

⊲ Internal vulnerability scans ⊲ External vulnerability scans ⊲ Penetration testing ⊲ Social engineering ⊲ Network architecture reviews ⊲ Wireless and mobile device evaluation

1111

What Can Weaver Do For You?Weaver offers a full range of assurance, tax and advisory services. Every day, our clients rely on us for:

Assurance ⊲ Audit, review and compilation ⊲ Employee benefit plan audit ⊲ Agreed-upon procedures ⊲ IFRS assessment and conversion ⊲ Private equity services ⊲ Public company services ⊲ SSAE 16/SOC 1, 2 and 3

Tax ⊲ Federal tax compliance and planning ⊲ International tax ⊲ State and local tax ⊲ Wealth strategies

Advisory ⊲ Financial institutions consulting ⊲ Risk advisory ⊲ IT advisory ⊲ Transaction advisory ⊲ Public company services ⊲ Energy compliance and consulting ⊲ Forensics and litigation

Weaver.cominfo@weaver.com | 800.332.7952

facebook.com/weavercpasyoutube.com/weavercpaslinkedin.com/company/weavertwitter.com/weavercpas

For more information, contact:Bruce Zaret, CPA, Partner, Advisory Servicesbruce.zaret@weaver.com | 972.448.9232

James Mihills, CPA, Partner, Advisory Services james.mihills@weaver.com | 817.882.7361