Our Services

M&M Consulting provides comprehensive risk management services for financial institutions. Our subject matter experts and robust audit programs go far beyond a “check the box” review, and all at very competitive rates.


Internal Audit

Ensuring Effective Internal Controls And Preparation For The Unexpected


Proper financial controls are at the heart of every great financial institution. M&M Consulting has been performing audits of community financial institutions since 1996. Our team is experienced; most of our staff members have worked for institutions as well as for third party auditors, so we know how to give practical advice that can be implemented quickly and efficiently.

M&M has helped financial institutions maintain proper checks and balances since 1996 with a team of auditors trained in adding value to the client’s operations. We are independent auditors, but we are also strategic partners that help build strong foundations for healthy institutions. We care deeply about striking the right balance between efficient operations and sound financial controls.

Outsourcing Program

M&M offers financial institutions a complete internal outsourcing model that includes the following elements:

Audit Plan Development
M&M’s audit plan development ensures that audit resources are deployed to the areas of the financial institution posing the greatest risk. M&M, collaborating with client management, prepares an annual audit risk assessment. M&M’s audit risk assessment defines the audit universe and then rates the various auditable areas as high, medium, or low. We then develop the plan assigning individual audits on an annual, biennial, or triennial frequency based on their overall risk rating. The overall risk rating is supported by inherent risk factors accepted by regulators along with several adjustment factors.
Working with the client’s internal audit manager, M&M usually schedules the plan for the year. M&M remains flexible in its scheduling and will adjust for client needs, such as regulatory exams and client personnel vacations. In addition, we rotate our field auditors every few years. More recently, we have been completing most audits remotely through the effective use of technology, including our client portals, remote access, encrypted emails, and online meetings. This methodology works well to reduce travel costs and increase audit efficiency. We are not bound by geography!
Planning Individual Audits
Well in advance of the start of each audit, the assigned audit consultant meets with the M&M engagement leader to review the scope of the audit and discuss the strategy to ensure high risk areas are addressed. The consultant will provide the client with a request list approximately one month prior to the agreed upon start date. The consultant typically provides a control risk assessment and plan to discuss the system of internal controls of the designated activity with the department manager prior to the start of the audit.
Performing Individual Audits
The auditor performs the scheduled audit, beginning with an opening conference, documenting, evaluating, and testing selected controls and conducting an exit meeting with appropriate client personnel. Our auditors consult and advise the auditee of any issues identified during the audit process and work with you to resolve them. The auditor leaves the field and compiles the working papers, drafts a report, and submits the project for internal quality review.
Internal Quality Control Review
The audit consultant’s work and report are reviewed to ensure that the audit procedures are well documented and that the report accurately portrays the results of the audit. Findings are discussed internally, sometimes involving multiple staff members to ensure consistent and accurate application of ratings and recommendations in the final report.
Report Issuance
The M&M engagement leader edits and releases the draft report to the client after our internal review. The report format varies according to client needs and preferences, but typically includes an overall internal control rating derived from rating each comment.
Audit Committee Presentation
The M&M engagement leader typically meets with the client’s audit committee three to four times each year. Well ahead of the meeting, M&M provides meeting-materials consisting of (1) audit reports issued since the last meeting, (2) an audit issue tracking document providing a status update of issues noted in prior reports where management indicated remediation would occur in the future, and (3) a plan status document indicates the status (scheduled, in-process, completed, etc.) of each audit included in the annual internal audit plan for the current year.
Coordination with External Auditors
M&M is available to coordinate the scope of its work with the Company’s external auditors so that the external auditors (and regulators) can rely as much as practical on our work. All work papers are made available upon request to the external auditors.


M&M offers a co-sourcing approach that provides financial institutions with experienced internal auditors focusing their experience on critical risk areas within a financial institution. A partial list of our offerings appears below:

Information Technology Audits

Our information technology audit process follows the guidelines issued by the Federal Financial Institutions Examination Council (FFIEC) in the FFIEC Information Technology Examination Handbook for the areas of planned coverage. Each phase would be completed by one or more of M&M’s certified information systems auditors (CISAs). Our IT auditors average approximately 15 years of relevant information technology management and/or IT audit experience. M&M typically prepares an IT audit risk assessment with management’s participation as part of our planning of every IT audit. This ensures that the most significant risks are covered. Certain topics may be reviewed annually while others may only be reviewed every second or third year.

Information Security including GLBA
M&M provides comprehensive audits of the adequacy of governance and administration of technology policies and procedures, authentication and access controls, data security at the device, network and host level, encryption, physical security, business continuity planning, and vendor management oversight.
Wealth Management Audits
Our wealth management audits are led by an experienced certified fiduciary and investment risk specialist (CFIRS) assisted by consultants knowledgeable in trusts and investment management. Our program is designed to ensure our clients follow OCC Regulation 9 guidelines and other related guidance such as the FDIC’s Statement of Principles of Trust Department Management.
Asset and Liability Management (ALM) Audits
Our ALM audits are led by audit consultants well-versed in ALM and liquidity modeling, typically holding a CPA designation. The audit focus on compliance with various interagency guidelines covering interest rate risk and liquidity.
Allowance for Loan and Lease Losses (ALLL) / Allowance for Credit Losses (ACL)
Our ALLL/ACL internal audits are led by consultants well-versed in ALLL and ACL methodology, typically holding a CPA designation. The ALLL/ACL audit focus on ensuring that the methodology complies with interagency guidance and generally accepted accounting principles.
Automated Clearing House (ACH) Processing
Our ACH audits are led by consultants knowledgeable in NACHA rules compliance as well as electronic payments processing. The ACH audit focuses on compliance with NACHA operating rules are intended to meet the requirements of NACHA Operating Rule 1.2.2, Audits of Rules of Compliance.
Wire Transfers
Our wire transfer audits are led by consultants knowledgeable in wire transfers processes and systems. The wire transfer audit focuses on internal controls over the client’s wire transfer system(s). We can also assist financial institutions with their annual FedLine® Solutions Security and Resiliency Assurance Program certification.
Loan Origination Audits
Our loan origination audits focus on policies, procedures, processes, and systems used to originate retail and commercial loans.
Operational Audits
Our operational audits include loan servicing, deposit operations, electronic banking, and cash management, among others.
Accounting Audits
Our accounting audits can focus on selected areas including financial reporting, investments, accounts payable, and fixed assets.

Consulting and Ancillary Services

M&M offers financial institutions experienced senior consultants that can assist management in several critical risk areas . Depending on the engagement we may not be able to offer all services to all audit clients due to independence concerns. A partial list of our offerings appears below:

FDICIA/SOX/COSO 2013 Compliance
We can assist in preparing your organization for SOX and FDICIA compliance. We have extensive expertise in assisting clients who are required to be SOX and/or FDICIA compliant. We work with you to develop and document key internal controls over financial reporting and testing procedures to ensure a smooth transition to SOX and/or FDICIA. We can test those controls on a quarterly or semi-annual basis or integrate testing into our internal audit program. We can also assist with COSO 2013 evaluations and supporting documentation.
Ancillary Services
M&M provides a confidential “whistleblower” hotline for staff and board members to access if so desired by the client. M&M can also provide audit confirmation services for deposit and loan accounts. There are small monthly fees for these services.
M&M Consulting's Secure Portals
Protecting the present while assuring the future. Our team of IT experts work to make sure all client information sent through a portal is secure. Every day our IT staff strive to provide prompt, timely research on new ideas and innovative concepts to ensure the safety of your client’s information.
Commercial Loan Review

Commercial Loan Review

Building A Foundation Of Safety And Stability To Grow Revenues And Relationships


All good loan review consultants ensure that the institution’s risk ratings are solid, but not all firms go the extra mile.

M&M’s approach to loan review covers the highest level of governance regarding policy, trend analysis and migration analysis. We provide detailed reviews of every loan type, every lending officer, and every member of the support team. Our goal is to catch a weakness at an early stage before it becomes a systemic problem for the institution. Our team works with speed and accuracy and is given high marks from our clients for clear and consistent communication. Let us show you how we help credit professionals and boards of directors achieve peace of mind with the following added benefits:

Policy and Procedure Review
M&M will provide a detailed review of policy and procedures to ensure best practices and compliance with applicable regulations and laws. M&M will also review workflows for efficiency and examine staffing levels relative to portfolio sizes and complexity. M&M will also review the loan input and quality control processes that are in place at the institution.
Fair Lending Review
M&M performs a Fair Lending review with every engagement. Additionally, we can analyze data from current reporting and test for disparate treatment as it relates to small business loan activity. We are prepared to assist with current and upcoming data collection practices.
Portfolio Stress Testing
M&M can perform stress testing in one of two ways, either “Bottom Up” loan level stress testing or “Top Down” portfolio stress testing. M&M can assist in choosing the right methodology for testing based on the size and complexity of an institution’s portfolio.
Government Guarantee Review
M&M has trained staff to review State, Federal and private guarantee programs. If your program has not had a third-party review, contact us for recommendations to meet your institution’s needs.
Quality Assurance
M&M provides quality control services for many of its clients. This service provides real-time assurance that commercial origination, as well as other programs are maintained and operating effectively and efficiently.
Special Projects
Whether analyzing a workout program or world-wide credit solution, M&M has the experience to quote unique job requests. We provide a total outsourced solution or we can leverage current client staff to provide third party opinions as well as solutions regarding any commercial credit related activity. M&M has the depth to call upon its team of CPA auditors as well as credentialed compliance professionals to ensure timely and complete resolution of any special issues as they present.
Complete coverage of loan types, teams, and administration staff
Prior to the engagement, M&M will review and sort the commercial loan trial per the scope of review. We ensure that our “pull list” includes all types of commercial loans, samples of loans from each loan officer or lending team, and a sample of documentation by each loan assistant or loan processor. Our methodology helps to identify structural weaknesses or training needs before they become major problems.
Migration Analysis
In addition to measuring relative performance against a peer group, we find it helpful to measure performance against your own institution over time. M&M Consulting provides analysis of trends in the portfolio over time, including migration trends within the pass rated and classified loan portfolios. We qualify the migration by digging into loan types, geography, and human resources that may be positively or negatively influencing the overall portfolio quality.
Validation of Allowance for Loan and Lease Losses
M&M Consulting will validate as well as offer “best practice” ALLL refinements. We review the qualitative and quantitative factors used by management in the development of the ALLL and comment where we feel that our opinions can be useful to management. We use our best judgment to provide advice on the sufficiency of the ALLL based on current input from regulators and peer institutions. M&M is preparing for the shift to the CECL model of loan loss allowance and is happy to discuss strategy and tactics with our clients.
CECL Advisory Services
M&M can assist institutions in their strategic thinking and resource allocation as they begin to think about the conversion to CECL. M&M has a balanced and practical approach to the development of policy and procedures for both the Credit and the Finance areas of the institution. Let us help as you begin to prepare for the conversion to CECL.
Due Diligence Acquisition Review
M&M understands the urgency of acquisition opportunities as they present themselves. M&M customizes its due diligence loan portfolio purchase scope to match the needs of any size transaction. We provide loan level reporting and detail overall findings within our written conclusions. We appreciate the timing and confidentiality considerations of these transactions and are flexible in review scheduling and location.
Proprietary Software to Ensure Consistency and Thoroughness
M&M Consulting has developed proprietary software solutions to assist in efficiency and accuracy. Our systems allow us to give daily or hourly updates on the progress of the loan review project, including the percentage completed and a listing of all Action Items. During the course of the review, we update management on Action Items and work with staff to resolve these documentation and underwriting exceptions in order to minimize the number of Action Items in the final report. M&M also provides comparisons with peer groups of similar institutions to help provide timely performance comparisons for senior management and Audit Committees.
M&M Consulting’s Secure Portals
In addition to our traditional loan review services, M&M has the experience and technology to securely perform remote loan reviews. Off-site reviews have advantages for both the client and M&M including reduced travel related costs as well as minimizing disruptions to on-site resources . We will conduct remote reviews utilizing client technology, or our team of IT experts will install a secure M&M portal for all communications throughout the review.
Compliance Auditing and Monitoring

Compliance Auditing & Monitoring

A Team Of Experts In All Areas Of Regulatory Compliance


Regulatory compliance for financial institutions is continuously evolving and increasing in complexity. Our Compliance Division encompasses a team of industry experts with high level knowledge and experience in regulatory compliance. We take a risk-based approach tailored specifically to the financial institution; we never look for a “one size fits all” solution. Our goal is to develop the right program for your financial institution so that safety and efficiency go hand in hand.


 Our Regulatory Compliance Services Include:

Bank Secrecy Act/Anti-Money Laundering (BSA/AML) Audits
BSA/AML is one of the most comprehensive and complex reviews within the financial institution. M&M follows the FFIEC BSA/AML Examination Manual and makes sure that our scope is consistent with regulatory expectations and industry best practices. M&M has helped many institutions overcome weaknesses and challenges in the BSA/AML area, allowing them to quickly return to good graces with the regulators.
Anti-Money Laundering Software Validations
An essential tool to a growing financial institution is an effective AML software system to increase the breadth and depth of monitoring for suspicious activities. However, the tool is only as good as the inputs which drive it. M&M is highly experienced in reviewing various AML software solutions to ensure the system is working as intended and parameters are appropriate based on your financial institution’s size and risk profile. Do not let your AML software become a beast of burden; M&M can help maximize the efficiency of your technology.
Loan-Related Audits
Regulatory compliance today focuses heavily on consumer lending. M&M provides comprehensive independent loan audits with consideration of applicable Federal and State requirements. We cover various topics, including Loan Originations, Loan Servicing, Truth in Lending, Real Estate Settlement Procedures Act, TILA/RESPA Integrated Disclosures, Equal Credit Opportunity Act, HMDA, Flood Insurance, SAFE Act, Fair Credit Reporting Act, E-Sign Act, Fair Debt Collections Practices Act, Military Lending Act, and Servicemembers Civil Relief Act.
Fair Lending Reviews
Fair Lending receives heightened scrutiny by regulators these days; let M&M help your financial institution in developing effective Fair Lending reviews with comprehensive analysis of historic lending data, including originated and non-originated applications. We analyze lending within the financial institution’s designated lending area and identify potential weaknesses. We have also assisted many financial institutions in the development of a Fair Lending risk assessment.
Commercial Lending-Related Audits
Regulators work to ensure fair treatment of commercial borrowers and guarantors, and so should the financial institution. M&M will review the practices for requiring additional guarantors in the commercial underwriting department, as well as for compliance with Flood Insurance and HMDA rules within the commercial banking division.
Community Reinvestment Act (CRA) Performance Reviews
M&M specializes in performance reviews of a financial institution’s CRA program before the examination happens – let us review your program and the governance of CRA to ensure there will be no issues with regulators. We look closely at the financial institution’s CRA activities and consider performance criteria standards and technical requirements based on the size classification of the financial institution.
Deposit-Related Audits
M&M offers thorough independent deposit-related audits with consideration of applicable Federal and State requirements. We comprehensively review disclosures and system parameters to ensure the financial institution is accurately disclosing and calculating interest on accounts and is complying with stated terms. We cover various topics, including Deposit Processing, Truth in Savings Act, Funds Availability Act, Electronic Funds Transfers Act, Fair Credit Reporting Act, Overdraft Protection, Privacy, and E-Sign Act.
Other Compliance-Related Audits
An effective Compliance Management System (CMS) is essential to ensuring overall compliance. M&M can review your financial institution’s CMS program to make sure it includes the required components and is adequate based on the financial institution’s size and risk profile. We also conduct compliance audits of other various areas, including Unfair, Deceptive, Abusive, Acts or Practices (UDAAP), Website, Social Media, and Advertising.
M&M Consulting’s Secure Portals
Protecting the present while assuring the future. Our team of IT experts work to make sure all client information sent through a portal is secure. Every day our IT staff strive to provide prompt, timely research on new ideas and innovative concepts to ensure the safety of your client’s information.

“M&M Has Always Aspired To Help Our Clients Succeed On The Regulatory Battlefield.”

To That End M&M Provides The Following Ancillary Services To Our Clients:

Answer Person

Answers to your compliance questions are available at the click of a button at any time during the business day from the M&M Answer Person.

Practical Compliance Newsletter/Calendar

We provide a comprehensive newsletter addressing recent and pending regulatory changes, compliance hot topics, and common Answer Person Q&As every other month. In the other months, we deliver a Compliance Calendar that provides upcoming important dates to be aware of in the regulatory world.

Compliance School

An annual school covering various topics intended for both senior and junior compliance staff, bank management, and boards of directors is offered to our clients. The school provides continuing education credits for CRCM/CAFP certification holders.

Compliance Program Development

M&M Consulting delivers a team of independent experts to deal with all of your regulatory challenges by providing comprehensive assistance in developing a more effective compliance program including, but not limited to:

  • In depth independent reviews
  • Risk assessments
  • Policy & procedure development
  • Training
  • Open issue tracking programs
  • In house monitoring programs
  • Board/audit committee reporting guidance
  • Form/disclosure review and development