Establishing an Effective Compliance Program (article)
This is the first in a series of topics addressing regulatory compliance and related issues specific to the banking and financial services sector.
In the past 30 years, the interconnectedness of financial systems worldwide has required both federal and international regulatory attention. The Basel Accords, Dodd-Frank and other regulatory actions present specific and far-ranging compliance requirements for banks, lately including such issues as consumer protection, executive pay, bank capital requirements and, of course, compliance and transparency.
In this heightened and growing regulatory environment, a bank’s key to achieving a successful compliance examination lies with the development and organization-wide implementation of a cohesive culture of compliance. The trusty handbook of standalone policies and procedures doesn’t stand up to the examiner audit these days. The focus on reputation, legal and compliance risk remains the same; however, particularly in the financial sector, regulators now look for a more holistic approach to compliance. This approach starts with a top-down, enterprise-wide perspective and ends with a robust testing, remediation and monitoring plan.
More Than a Plan, You Need a Program
Regulators expect a unified program of compliance, spanning all aspects of an organization’s structure and services offered, including staff training, procedures for remaining abreast of regulatory change and, importantly, engagement of senior management. Several key considerations will prove useful as you review or develop a program that both supports and reflects a culture of compliance.
- Consider how you approach the broad subject of compliance. Is there a central authority over the compliance function with the necessary authority, training and resources to manage compliance across departmental lines?
- Do you have a function in place to ensure full knowledge of the laws and regulations that affect your organization and to anticipate regulatory changes? (This function can be located either in legal or compliance.)
- How quickly are changes incorporated into operational procedures?
- Do you have training programs targeted specifically to staff involved in compliance functions?
- Does your Board of Directors provide strong oversight of the compliance program and compliance audit function?
- Do you have a dashboard or system that identifies and supports the management of compliance risk?
- Do you have a dynamic schedule/tickler system for compliance requirements?
- Do you have subject matter experts who can support your most complex regulatory needs and assist in the development of policies, procedures and training plans for compliance staff?
If you had to submit your current compliance program to your primary regulators today, what would be their reaction? If your program includes written documentation of the following elements, reception should be positive.
- Compliance risk assessment to guide development of a program that is appropriate in scope and suitable to the needs of your bank based on size, product offerings, office locations, staffing and other key markers.
- Monitoring for compliance with all laws and regulations, including methods to perform internal audit of loan transactions, products and services, consumer protection, etc.
- Policies and procedures that are up to date and that clearly define how your compliance policies are revised for new requirements and how those developments and changes are communicated to Management, the Board of Directors and the bank’s staff.
- Procedures for documenting consumer complaints, i.e., how they are tracked and resolved.
- Training scheduled to ensure up-to-date compliance on all regulatory requirements and offered to all levels of staff, including the Board of Directors.
Building out program segments as defined above will generate additional considerations that will determine your final product.
- Who (what individual, what staff level, what department) will be performing specific tasks?
- Does staff have the proper background, skills and training to perform the required tasks?
- If using outside resources, how do you best blend internal staff with outside experts and systems?
- Which tasks can be automated and which should stay manual?
- What is essential to the plan and what is optional?
- What are the penalties and consequences for non-compliance?
Cost as a Key Consideration
While most would agree that dollars are more wisely spent on designing and implementing an appropriate compliance and risk program than on fines associated with regulatory missteps or noncompliance, banks may face pushback from stakeholders on surging compliance and regulatory costs. Perhaps the best way to manage costs is to develop a program that is appropriately sized and focused for the needs of your institution.
The American Banking Association appears to suggest this customized approach in its position statement on regulation that urges policymakers to “move away from one-size-fits-all regulation to tailored regulation that corresponds to a bank’s charter, business model, geography and risk profile.” A compliance program review that considers not only the regulator’s concerns but also continued suitability and optimum efficiency for your organization may return cost management benefits as well.
Proactive Beats Reactive
Today’s regulators are focused on how organizations evaluate compliance risk across the enterprise. This starts with a plan that provides for comprehensive regulatory coverage and active, ongoing monitoring of compliance risks.
Taking a proactive approach to your compliance program will return significant benefits. Beyond the safety and security of knowing you are in control of your compliance needs, the process of building a program that injects a compliance culture into the fabric of your enterprise can offer management fresh operational insights. The alternative, reactive approach puts control in the hands of others and leaves your bank’s reputation and operational stability at risk.
Future articles in this series will discuss Program Execution and perhaps the most difficult stage of a successful compliance program, Program Maintenance.
For questions or comments about the issues addressed in this article, please contact the authors, Jake McDonald, CBIZ Credit Risk Advisory Practice (610-862-2202), Remonde Brangman, CBIZ National Risk Advisory Practice (540-687-0406), or your local CBIZ advisor.