CMS Case Study

C loyd Bank and Trust Risk Assessment Summary 2020-2021

Audit Area

Lockbox

Risk Factor

Score

Definition (score range)

High (21-30)

Moderate (11-20)

Low (0-10)

Rationale

Lockbox transactions are subject to Regulation CC. Overall, there are not significant compliance risks.

Regulatory requirements are limited to low-profile regulations and law issues that warrant action but have significantly lower levels of risk. Impact on accurate timely financial reporting is minimal. Likelihood of material financial reporting effect is negligible.

Significant regulatory requirements are evident; however, regulatory expectations are clear, seasoned, and considered routine. Violations if any will be technical in nature. Material financial effect is possible; however, activity is routine and noncomplex and errors would be readily evident in normal operations.

Potential violations of high profile regulations with potential fines, legal liability or costly corrective action are possible. Material financial misstatement is possible due to incorrect handling of infrequent, complex transactions or estimates. Critical management decisions may be based on these financial areas.

Compliance

14

Lockbox transactions are routine in nature. Bank employees processing payments record where the payment originates and batch totals are either deposited to the customer's DDA or applied to the customer's loan account based on the lockbox agreement. While the transactions are routine, the ability to track payments received from customers increases the level of risk as the Bank's customer is relying on the Bank to provide them with detail of what customers sent payment, how much was received, and when the transaction was recorded. The Bank currently has two lockbox customers and processes approximately 8000 payments per month (in total).

Nature of Transactions

16

Noncomplex systems and operations are seasoned, with well established back up routines.

Lockbox operations are routine in nature. Employees retrieve payments from a designated post office box. Mail is opened and processed. The complexity arises in ensuring payments are recorded to the appropriate customer's account and ensuring a detail of what was received, by whom, and when adds a level of complexity thereby increasing the risk of the operations. Any disputes regarding a payment increases reputation risk for the Bank. Additionally,while customers are discouraged from sending cash to the lockbox, any cash payments received increases the risk due to the inability to trace the transaction.

Seasoned and complex manual or automated systems are important to management decision making or product delivery; however, collaborating or alternative back-up systems exist.

Complex manual or automated systems are new, critical to management

Nature of Operations

decision making, or important to product delivery.

18

Controls are nonexistent or known to be weak.

There is no basis for control assessment, or they are thought to be weak.

Controls are strong or adequate.

Internal controls are in place. Two employees will check the post office box where the lockbox transactions are received, two employees will open the mail. All payments received are recorded before being processed. After processing, totals are matched to the amounts received. Finally, customer detail regarding payments received are reconciled to batch totals.

Internal Controls

10

Major changes since last audit are anticipated this year or not recently reviewed.

Minor changes since last audit are anticipated this year.

No changes since last audit are planned this year.

The volume of transactions has been consistent over the past two years; there are no anticipated changes within the next 12 months.

Changes to systems, processes, or procedures

10

Management lacks experience or places low priority on internal controls.

Management has average experience.

Management is experienced and has high priority on controls.

Frontline sales and service for lockbox is the responsibility of the Treasury Services Manager who continues to gain experience. Deposit Operations is responsible for backroom support of ACH.

Management

15

83

Risk Score

- 11 -