How internal audit can add value under a bank consent order

Gary W. Lindsey, Shannon Moskal
11/23/2021
How internal audit can add value under a bank consent order

Like many things in life that cause discomfort and stress, a bank consent order creates an opportunity for growth.

With the right internal audit approach to a bank consent order remediation and validation process, your organization’s internal audit function can become sharper, more insightful, and more valuable to the organization.

A successful consent order validation will require internal audit to gather subject-matter knowledge, develop highly efficient communication practices, and deliver targeted recommendations. And stakeholders within the organization will need those recommendations framed in ways that quickly translate to tangible improvements.

All these internal audit improvements present challenges, but they also deliver enduring benefits for the organization – and those benefits can extend far beyond the life of the consent order process.

Successful validation of a bank consent order starts with an internal audit team that has the experience and subject-matter knowledge to find the right answers.

Successful validation of a bank consent order starts with an internal audit team that has the experience and subject-matter knowledge to find the right answers.

Arriving at appropriate remediation solutions under a bank consent order takes experience, deep knowledge of the subject matter at hand, and an understanding of what regulatory examiners expect. A consent order presents unique challenges – the landscape is full of uncertainty, and the stakes are high. Even seasoned internal auditors can disagree over whether a particular action will meet regulators’ expectations.

The task at hand isn’t easy, but the right assessments and recommendations from an experienced internal audit team can provide a significant advantage. When internal audit gets involved early, your organization can benefit. The goal is to develop the ability to demonstrate regular progress and consistent acceptance of implemented and tested solutions.

If your organization doesn’t have extensive internal audit resources that possess issue validation experience and regulatory knowledge, it might be time to look for a consent order validation consultant.

After all, no organization has time to fumble its way through a bank consent order. The faster your internal audit team implements an action plan that addresses regulators’ concerns, the sooner your organization can get on the path that ends with the regulatory order being resolved and lifted.

People throughout your organization need targeted, practical guidance from internal audit.

People throughout your organization need targeted, practical guidance from internal audit.

Your bank’s business and risk teams rely on timely feedback from internal audit to help them address the bank consent order. To make sure the remediation process is an efficient one, it’s vital for your internal audit department to deliver feedback that goes beyond a simple “yes” or “no.”

Internal auditors must remain independent, but that doesn’t mean they can’t offer insight. Your internal auditors should engage with stakeholders early and often to help the business effectively use its limited time and resources.

The internal audit findings should include reasoning and outline measurable, achievable expectations for remediation. After reading the findings, the relevant party or department should be able to say: “Our remediation measures didn’t pass because we didn’t do X, Y, and Z. To meet expectations, we need to develop a corrective action plan that will put X, Y, and Z in place.”

By continuing to provide critical evaluation and effective feedback once the business team develops the action plan, internal audit can help improve the chances that corrective actions can properly address the bank consent order.

Examiners want to understand how and why internal auditors arrived at findings – so your organization should be prepared to give them detailed workpapers and reporting.

Examiners want to understand how and why internal auditors arrived at findings – so your organization should be prepared to give them detailed workpapers and reporting.

Your internal audit team should align its work with regulators’ expectations and then document that work in a way that examiners can clearly follow. Doing so can increase the chances the examiners will understand and ultimately accept your organization’s remediation plan.

As with internal communications under a bank consent order, the key to establishing productive dialogue with regulators is to move beyond a pass-fail mentality with internal audit reporting. Your internal audit team should deliver workpapers and reporting that tell the story of how your organization arrived at solutions through professional skepticism and thorough testing of management actions.

When examiners understand how your internal audit team reached key decisions, they can provide valuable feedback that allows your internal auditors to hone their methodology and processes. And with this positive feedback structure in place, the remediation and validation process for a bank consent order becomes much more efficient.

Let’s talk

Our Crowe consent order validation team has helped financial services companies of all sizes resolve regulatory enforcement actions and become stronger for it.

Give us a call or send us an email – we’d love to listen to your story and find out how we can help.

Overwhelmed by a bank consent order?
We can infuse the talent and structure you need to start addressing your issues.

Contact us


Gary Lindsey - social
Gary W. Lindsey
Principal, Financial Services Consulting
Shannon Moskal
Shannon Moskal
Principal, Consulting