New Guidance from the Fed on Examination of Community Banks - A Three Part Series

Part Residual Risk – The Defining Measure

In part one of this series we discussed the examination guidance on community banks from the Federal Reserve.  We noted that Consumer Affairs letter 13-19 details the risk based approach that the Federal reserve intends to use for the examination and supervision of banks $10 billion in assets or smaller.  We pointed out that we believe that this guidance presents both a warning and an opportunity.  The warning is that the regulators will increasingly expect that banks have a strong system for recognizing and evaluating risk.  The opportunity presented is the ability to present a strong case to the regulators and in doing so, reduce overall regulator contact. In the second part of this series, we discussed the methodology for measuring the level of inherent risk at your bank.  We stressed that the assessment of this level of risk should be comprehensive, honest and forward thinking.  The idea that regulatory agencies are looking to reward banks that provide a level of self-policing is becoming a reality.   Therefore, the more straightforward and clear-eyed the risk assessment, the more credibility that management will have with regulators. 

Residual Risk- Your Compliance Footprint

So now you have recognized that the warning from regulators is that they expect you to have a strong knowledge of the compliance risks inherent in your day to day operations.  You have also recognized that the opportunity exists to create a positive image with regulatory staff; an image of an institution that takes it compliance administration seriously. 

Ultimately, it is the manner in which compliance risk is managed and administered that will determine the level of risk at a financial institution.   We believe that there are several steps that banks can take to reduce their overall residual risk and improve the supervisory profile.  These steps go beyond the obvious need to:

A.       Make sure that policies and procedures are up to date and complete;

B.      Conduct periodic training;

C.      Perform independent transaction testing;

D.      Keep abreast of changes in regulations   

We also believe that there are structural ways to get the most out of a compliance program and thereby reduce residual risk. 

Embracing your Inner Compliance Persona 

If you were to do a study of the history of bank compliance history, you would find that there are simply no regulations that have not been rightly earned by the industry!  And even though we have not actually run across any of the culprits, the fact of the matter is that there are stories upon stories of bad behavior by banks that lead to the regulations that impact us day to day. 

The point here is that even though much of the disclosures and reporting required by consumer regulation tends to create a great deal of work; the evils that these regulations are trying to prevent are real.  In our opinion, it is better to embrace the idea that the regulation exists and work to incorporate compliance into day-to-day operations than it is to spend time lamenting them. 

Getting the Board’s “Buy-In” 

For all banks, the Board of Directors is ultimately responsible for the success of failure of the operation.  In that regard, it is the Board which sets the tone for the priorities at the institutions they oversee.  Getting the members of the Board to actively participate in the administration of the compliance program will send a strong message to the staff at the Bank.   

A Board that is well informed asks questions and follows up on management reports will greatly enhance the overall compliance program and elevate the level of compliance to its proper level. 

The more than staff at the Bank realizes that the Board takes compliance seriously, the more that compliance issues will become a thing of the past.  Task number one then for the Compliance Officer is to get the buy in of the Board of Directors.  

The Bank Secrecy Act is one of the few regulations that specifically requires Board members to receive annual training.  As a result, BSA training is generally the only class that we regularly see Board members taking on a regular basis.   In our opinion, this is a grave mistake!  Board members should take regular and comprehensive classes on all areas of importance to the Bank, including compliance.   We recommend that the Compliance Officer should be a pest when it comes to this training and continue to insist that the Board receive training on at a minimum, the “big four “  (Regulation B, CRA Fair Lending and UDAAP).     The more the Board understands the requirements of these regulations, the more they will insist on being informed of the compliance effort at the Bank. 

Making Compliance a Part of the Daily Activity at the Bank

We strongly encourage banks to make a point of explaining what it is that the regulations are trying to accomplish as part of any training that is provided.  For example, when training staff of the reporting requirements of HMDA, we have found that it is extremely useful to explain that the Federal Reserve takes the data from the HMDA reports and produces a great deal of economic research on lending and housing trends.   When staff understands that it is critical that the data is accurate because it is part of a bigger system, they are willing to take the time to get it right.  By developing a positive attitude about compliance, you can greatly enhance the overall effectives of a compliance program.  Getting the input of staff can leverage the limited resources that are available.    

 Why should you Care? 

At the end of the day, many a bank has taken the position that limited consumer activity means that there doesn’t need to be an extensive compliance program.  Besides, banks don’t get closed down for compliance violations, right?  

While it is true that no bank has been closed for exclusively consumer compliance related problems (yet!),   it is also true that the CFPR and by implication other banking agencies have made it clear that enforcement of regulations will become increasingly aggressive.  This is especially true in the areas of Fair Lending, UDAAP, CRA, Flood Insurance and BSA/AML compliance.   These are all areas that apply to ALL lending, Consumer or commercial. 

Failure to have a strong compliance program can lead to various enforcement actions including cease and desist orders and civil money penalties.   At a minimum, the bank that does have a good answer for how it is addressing inherent risk will have a high residual risk profile and can expect to feel increased supervisory activities form the regulators.  At the end of the day, the current guidance gives your bank the opportunity to greatly impact its own destiny.