Code of Maryland Regulations
Title 09 - MARYLAND DEPARTMENT OF LABOR
Subtitle 03 - COMMISSIONER OF FINANCIAL REGULATION
Chapter 09.03.14 - Money Transmitters
Section 09.03.14.08 - Corporate Governance
Universal Citation: MD Code Reg 09.03.14.08
Current through Register Vol. 51, No. 19, September 20, 2024
A. A licensee shall establish, document, and maintain sufficient corporate governance, as follows:
(1) Each element of a licensee's corporate governance shall be commensurate with the size, operational complexity, and overall risk profile of the licensee.
(2) For purposes of this regulation, the operational complexity and risk profile of a licensee shall, in part, be defined by the results of regulatory examinations, any external audits, and internal audits.
(3) A licensee bears the burden of demonstrating to the Commissioner that its corporate governance is sufficient and commensurate with its size, operational complexity, and overall risk profile.
(4) A licensee's corporate governance shall, at a minimum, include:
(a) Clearly defined responsibilities and accountability;
(b) Internal controls, policies, processes, and practices for monitoring, testing, and ensuring compliance with the corporate governance framework;
(c) Internal controls, policies, processes, and practices for training of employees on corporate governance requirements; and
(d) Internal controls, policies, processes, and practices addressing internal audits, external audits, and risk management as set forth in §§B-D of this regulation.
(5) Each licensee shall, not less than annually, conduct a review of its corporate governance to determine its overall effectiveness, address emerging risks and otherwise assure that the corporate governance remains commensurate with the size, operational complexity, and overall risk profile of the licensee.
(6) Any documentation, controls, policies, procedures, requirements, audits, reports, or other materials included in this regulation shall be made available to the Commissioner upon the Commissioner's request.
B. Internal Audit.
(1) A licensee shall establish internal audit requirements that are appropriate for the size, complexity, and risk profile of the licensee.
(2) Unless impracticable given the size of the licensee, internal audit functions shall be performed by employees of the licensee who report to the licensee's owners or board of directors and who are not otherwise supervised by the persons who directly manage the activities being reviewed.
(3) Employees performing internal audit functions shall have sufficient knowledge, training, and resources to provide a reliable evaluation of the licensee's operations, risk management, internal controls, and governance processes.
C. External Audit.
(1) If the Commissioner determines, based on the size, operational complexity, and overall risk profile of the licensee, that an external audit is appropriate, the Commissioner may direct a licensee to receive an external audit.
(2) If the Commissioner directs a licensee to receive an external audit, that external audit shall include:
(a) Annual financial statements including a balance sheet, statement of operations (income statement), and cash flows, including notes and supplemental schedules prepared in accordance with generally accepted accounting principles;
(b) Assessment of the internal control structure;
(c) Computation of tangible net worth;
(d) Validation of permissible investments;
(e) Verification of adequate fidelity and errors and omissions (E&O) insurance;
(f) Testing of controls related to risk management activities, including compliance and stress testing, if applicable; and
(g) Any other element the Commissioner considers appropriate.
(3) Nothing in this regulation is intended to abrogate a requirement of a licensee to receive an external audit under any other law, rule, regulation, or by-law, policy, or procedure of the licensee.
D. Risk Management.
(1) A licensee shall at all times maintain a risk management program that identifies, measures, monitors, and controls risk sufficient for the size, operational complexity, and overall risk profile of the licensee.
(2) The risk management program shall have appropriate processes and models in place to measure, monitor, and mitigate financial risks and changes to the risk profile of the licensee.
(3) Evidence of risk management activities throughout the year shall be maintained, including findings of issues and the response to address those findings.
E. Authority to Address Risk as Necessary. If risk is determined by a formal review of a licensee to be extremely high, the Commissioner may order or direct the licensee to satisfy additional conditions necessary to ensure that the licensee will continue to operate in a safe and sound manner and be able to continue to engage in the business of money transmission in compliance with state and federal law and regulation.