CMS Case Study

2020-2021 Risk Assessment Summary Citizens Bank and Trust

Audit Area

Interest Rate Risk (IRR)

Definition (score range)

Risk Factor

Score

High (21-30)

Moderate (11-20)

Low (0-10)

Rationale

Potential violations of high profile regulations with potential fines, legal liability or costly corrective action are possible. Material financial misstatement is possible due to incorrect handling of infrequent, complex transactions or estimates. Critical management decisions may be based on these financial areas. Complex manual or automated systems are new, critical to management

Significant regulatory requirements are evident; however, regulatory expectations are clear, seasoned, and considered routine. Violations if any will be technical in nature. Material financial effect is possible; however, activity is routine and noncomplex and errors would be readily evident in normal operations. Seasoned and complex manual or automated systems are important to management decision making or product delivery; however, collaborating or alternative back-up systems exist. There is no basis for control assessment, or they are thought to be weak.

Regulatory requirements are limited to low-profile regulations and law issues that warrant action but have significantly lower levels of risk. Impact on accurate timely financial reporting is minimal. Likelihood of material financial reporting effect is negligible.

Interest Rate Risk (IRR) is subject to regulation. This function is a crucial decision-making tool because accurate monitoring and reporting are essential to the Bank's success. Interagency guidance outlines the requirements for interest rate risk management, and IRR has recently been subject to higher regulatory scrutiny within recent years.

Compliance

20

The Bank's interest rate risk model is outsourced to a third party, Darling Consulting. The complexity of the model, the current volatility in the financial industry, and its impact on the Bank's strategic decision-making process increase the risk associated with the nature of transactions.

Nature of Transactions

21

Noncomplex systems and operations are seasoned, with well established back up routines.

The Asset and Liability Committee (ALCO) is heavily involved in the monitoring of this model and the associated risks. The complexity of the modeling process and the current volatility in the financial industry increases the risk associated with the nature of operations.

Nature of Operations

18

decision making, or important to product delivery.

Controls are nonexistent or known to be weak.

Controls are strong or adequate.

Internal controls are in place and function adequately on an overall basis. The most recent FDIC Safety and Soundness Examination (January 2019) rated IRR as satisfactory with no recommendations and the most recent internal audit (2019) of IRR resulted in one recommendation.

Internal Controls

11

Major changes since last audit are anticipated this year or not recently reviewed. Management lacks experience or places low priority on internal controls.

Minor changes since last audit are anticipated this year.

No changes since last audit are planned this year.

No significant changes occurred in the last 12 months and there are no anticipated changes within the next 12 months.

Changes to systems, processes, or procedures

8

Members of management have achieved their positions within the Bank because of their level of knowledge, demonstrated skills, and experience within the banking industry. A strong emphasis is placed on maintaining a sound control environment.

Management has average experience.

Management is experienced and has high priority on controls.

Management

10

88

Risk Score

- 23 -