Corporate Governance and Oversight Sharon Moderator James, General Counsel, Boston Financial Amy Dauwer, General Auditor, Boston Financial.

Transcription

1 Corporate Governance and Oversight Sharon Moderator James, General Counsel, Boston Financial Amy Dauwer, General Auditor, Boston Financial Panelists

2 Governance Sharon James, General Counsel, Boston Financial

3 Corporate Structure 50% Ownership 50% Ownership Established 1969 Established Million Mutual Fund Accounts Serviced 6.4 Million Total Retirement Participants World's Largest Provider of Shareholder Recordkeeping Systems Established in Million Accounts Serviced Largest Full Service Mutual Fund Transfer Agent $2.37 Trillion in Assets Under Management $28.65 Trillion in Assets Under Custody and Administration Leading Mutual Fund Custody and Fund Accounting Agent As of 6/30/15 3

4 Boston Financial Board of Directors Steve Towle Chairman, Boston Financial Board DST EVP & Head of Financial Services A. Edward Allinson DST Board Member Tom McCullough Retired DST Ned Burke Alps CEO Gunjan Kedia State Street Exec. Vice President Steve Hooley DST DST President & CEO Alison Quirk State Street Exec. Vice President Robert Kaplan State Street Exec. Vice President James Phalen State Street Vice Chairman 4

5 Leadership Team Terry Metzger President and CEO Amy Dauwer General Auditor Trish Crockan Chief Operations Officer Tracy Shelby Chief Relationship Officer Arthur Dunn Chief Risk Officer Craig Hollis Chief Compliance Officer Joy McCune Chief Human Resources Officer Mike Rizzo Chief Technology Officer Jay Shuman Chief Financial Officer Anne Hebard Managing Director Business and Product Development Bill Weihs Managing Director Sharon James General Counsel 5

6 2015 Board Activities State of the Business Control Clients and Servicing Planning and Product Development Financials Audit Committee Internal and External Audit Activities Risk Management Governance Election of Officers Voting Matters Policy Review Litigation Regulatory Matters Reviews and Examinations by Regulators New and Proposed Regulations and Impact AML, Privacy, Cybersecurity 6

7 Two Primary Regulators SEC State Street Corporation DST Systems, Inc. Boston Financial Data Services, Inc. Federal Reserve State Street Corporation Boston Financial Data Services, Inc. Confidential Supervisory Information - Title 12 Code of Federal Regulations Part 261 7

8 Code of Ethics Boston Financial Code of Ethics and Professional Standards Compliance with Laws and Regulations Conflicts of Interest Preservation of Company Assets Consequences of Violating the Code Annual Computer Based Training Module Whistleblower Line 8

9 Insurance THE PROCESS Meet annually with Agent $ Pricing Policy Endorsements Descriptions Review the previous year for changes to business 9

10 Insurance Coverage Professional Liability, Errors and Omissions coverage (includes Network Security and Privacy Liability) 4 providers (Beazley A XV, XL Catlin A XV, CNA A XV, and Liberty A XV) Best s Rating A VIII or Above Financial Institutions Bond and Computer Crime (Fidelity Bond) 6 providers (Travelers A++ XV, Chubb A++ XV, Zurich A+ XV, CNA A XV, Berkley A+ XV and AIG A XV) Best s Rating A VIII or Above Standard Commercial General Liability Insurance 1 provider (CNA) Best s Rating A XV Mail Insurance 1 provider (Travelers) Best s Rating A++ XV Worker's Compensation Insurance compliant with statutory requirements (Travelers A++ XV) 10

11 Compliance Procedures SARBANES OXLEY ROLL UP Monthly request to all senior officers asking them to confirm: Procedures for processing have been followed Disclosure controls and procedures are effective Significant deficiencies and material weaknesses in internal controls have been disclosed to management of the Funds There have been no significant, adverse changes in internal controls subsequent to the date of the latest SOC 1 Report After responses have been received from senior officers, certification letters of compliance with Sarbanes Oxley is sent to Clients There have been no corrective actions taken to correct significant deficiencies in internal controls which have not been disclosed to the Fund clients There has been no fraud involving management or other employees with significant controls 11

12 Oversight Amy Dauwer, General Auditor, Boston Financial

13 The Three Lines of Defense Board/Executive Committee/Audit Committee Senior Management 1 ST Line of Defense 2 nd Line of Defense 3 rd Line of Defense Management Controls Internal Control Measures Security Risk Management Internal Audit Compliance 13

14 Management and Internal Controls Establish and maintain policies and procedures Provide training and performance evaluations Promote segregation of duties Utilize consistent technology Trish Crockan Monitor compliance with policies/procedure 14

15 Risk Management Establish risk management framework and methodologies Set and monitor risk tolerances and limits Consult on risk matters relating to new business, systems and procedures Arthur Dunn Provide independent risk oversight 15

16 Risk Management Committee Anne Hebard Managing Director Business and Product Development James Lockhead Managing Director Support Operations Joy McCune Chief Human Resources Officer Jay Shuman Chief Financial Officer Bill Weihs Managing Director Corporate Development Amy Dauwer General Auditor Arthur Dunn Risk Officer / RMC Chairman Craig Hollis CCO Matt Robichaud Director Purchasing / Facilities Sharon James General Counsel Tracy Shelby Chief Relationship Officer Patricia Crockan Chief Operating Officer Mike Rizzo Chief Information Officer Christopher Robino ERISA Compliance Officer Parent Company Representation at Boston Financial Risk Committee: Jack Zarkauskas, Vice President Risk Management, State Street Nick Horvath, Compliance Officer, DST Systems 16

17 How Does the Risk Management Committee Achieve its Objective? Sets the tone and support a risk-aware culture throughout the organization Provides input to management regarding the enterprise s risk appetite and tolerance Approves, and oversees execution of, corporate risk management policy and plan Monitors risks and takes action as needed Chief Risk Officer reports to Audit Committee three times a year Meets six times per year Identify and discuss emerging risks Consult and serve as point of escalation Review and update corporate policies Review corporate dashboard and key risk reports Consider concerns of parent company risk programs 17

18 Risk Management Process Bottom-up Process Business Unit Self- Assessments Identify / analyze / mitigate / document Business Unit Risk Coordinators Develop reporting / propose KRI s Foster local risk awareness 2 nd Line of Defense Independent Risk Oversight Corporate Risk Register Risk Dashboard Risk Awareness Training & Culture Top-down Process Risk Management Committee Identify top risks Focus on business strategy / scan for emerging risks Monitor / advise / escalate Establish and oversee policy / process 18

19 Security Establish and maintain information security strategy, policies and procedures Build community security awareness via training and communication Mike Rizzo Consult on security matters relating to new systems and procedures Establish a holistic risk assessment profile leveraging threat and vulnerability analysis Monitor internal and external security activities 19

20 CCO/Compliance Operations Oversee corporate policies, procedures, and practices Oversee compliance with transfer agent laws and regulations Consult on new regulations, policies and procedures Craig Hollis Oversee compliance program and Compliance Corner 20

21 Internal Audit Structure Audit Committee President & CEO Amy Dauwer Internal Audit Department 21

22 Audit Committee Audit Committee Members Invited Guests Bob Kaplan Tom McCullough Mike Richards Stacy Kempf Terry Metzger Jay Shuman Craig Hollis Arthur Dunn Sharon James Mike Rizzo Objective Responsible to the Board for oversight of management reporting on internal control 22

23 How Does the Audit Committee Achieve its Objective? Understands how internal audit is achieving independent assessments Receives all audit reports to assess the control environment Maintains ongoing communication with the external auditors Monitors management action plans to address audit recommendations Meets three times per year Receive business updates Review risk management activities Review whistleblower line activity Meet in executive session with the General Auditor Audit Committee Chairman reports to the board semi-annually 23

24 Internal Audit Process Audit Plan Audit Report Follow-Up Audit Risk Assessment Planning Control Identification/ Assessment Testing/ Validation 24

25 2015 Internal Audits CLIENT FACING Client Facing/Operations Support OPERATIONAL SUPPORT Anti-Money Laundering Compliance Fund File Support/MI Reporting Retirement Operations PRODUCT SPECIFIC Blue Sky Administration Proxy Business/Event Center i INFORMATION TECHNOLOGY Application Development/Project Delivery Information Security/Privacy/Vendor Management CORPORATE SUPPORT Finance/Client Billing Corporate Governance/Risk Management/Legal SPECIAL MANAGEMENT REQUESTS 25

26 External Audit Coverage Statement on Standards for Attestation Engagements PricewaterhouseCoopers LLP Reporting on Controls at a Service Organization (SOC 1) Semi-annual reviews Period of coverage: 10/1 to 9/30 and 4/1 to 3/31 Scope: Mutual Fund and Retirement Operations (Separate Reports) Compliance Review PricewaterhouseCoopers LLP Annual review Period of coverage: As of 9/30 and 10/1 to 9/30 Scope: Management s Assertions Surrounding Compliance with Federal Securities Laws 26

27 External Audit Coverage Securities & Exchange Commission Rule 17Ad-13 Financial Statement Reviews PricewaterhouseCoopers LLP Annual review Period of coverage: 10/1 to 9/30 Scope: Mutual Fund and retirement operations PricewaterhouseCoopers LLP Annual reviews Period of coverage: calendar year Scope: Corporate finances and retirement plan (separate reports) Blue Sky Review Report framework under development by PricewaterhouseCoopers LLP 27