What to do when
the regulators have a finding
Introduction
If you are or have been in the compliance arena you are
familiar with this scenario; The examiners have just come to your office with a
most somber countenance. They are here
to report a significant finding that has resulted from their review. You have several options, you can:
A)
Hide under your desk and hope they go away
B)
Engage in histrionics and accuse them of picking
on your bank
C)
Threaten to sue
D)
Listen closely to what they are saying and ask a
series of questions that will allow you to deal with the finding in an
effective manner
The fact is that findings happen! The fact also is that there are findings and
there are FINDINGS! The way you deal
with each of these will greatly impact your compliance life. There are a number of critical steps that
your institution can take that will allow your response to have the greatest
impact.
Step One- What, Exactly is the Finding?
It is critical to find out all you can from the examiner
when they are presenting the finding. In
many cases, findings are the result of a miscommunication or misunderstanding
of questions being asked. For example,
at one bank, an examiner asked where flood insurance policies are stored and was
told they are kept in the loan file.
However, the person who gave this answer was unaware that the procedure
had been changed and flood loan policies were now kept in a different
place. In this case, the examiners
originally were ready to cite the bank for several violations of the flood
rules because the information in the loan files was stale. It is very important to determine form the
outset the exact nature of the violation being cited.
Along these lines, it is important determine the specific
regulation, guidance or rule that has been violated. By going to the source of the regulatory
requirement, you can get the clearest picture.
As part of this process, it is also useful to get an understanding of
whether or not the rule in question is new or has been around for some
time. While it is generally true that
the older the rule, the bigger the concern that is being cited as a finding,
there are circumstances where this may not be the case[BW1] . For example, a reinterpretation of a rule
has the same impact as a new rule. There are sometimes areas that receive new or
increased focus. For example, the requirement
that a flood insurance customer receive notice of being a flood area every time
a loan is modified, is a requirement that has recently received greater
attention, even though the requirement has been in place for many years.
The source of the finding can be a critical consideration
when determining the level of enforcement action.
Even though it is understandable, we recommend that your never
use the “I was never cited for this before” answer. You drive faster than the speed limit on
the freeway on a regular basis. This doesn’t
mean that it is okay and you would try that answer with a highway
patrolman!
At the end of the day, make sure that you can explain the
violation to someone else as a test to ensure that you understand the
issue.
Step Two- Why did this Happen?
A frequent mistake that institutions make is to simply fix
the problem that is cited in the regulation – i.e., missing disclosures; we
will simply start making the disclosures going forward. The problem with this approach is that it is
simply a bandage. It doesn’t necessarily
address the real concern that may have caused the finding in the first
place. The next step in managing a
finding is getting to the root of the problem that caused it.
There are several questions to ask when determining the root
cause of a finding. Was it a training
issue or were policies and procedures outdated and inefficient? One the most important questions to ask is
whether or not the problem is systemic or limited to an individual staff member
or business line. Is the root of the problem
that we don’t understand what the regulation is asking or is it more the case that
training needs to be reinforced?
Determining the root cause of a finding allows the institution to frame
the magnitude of the issue and to build a response that is appropriate.
Step Three- Is this indicative of a bigger problem?
Once the root cause of a finding has been determined, it is
necessary to determine if the findings are an indication of a much bigger
problem. There are as many reasons that
findings occur as there are findings.
However, some reasons are indicative of a much larger problem. For example, if the root cause of the problem
is that the institutions was simply unaware of changes to the regulation, there
is a fundamental flaw in the overall compliance management program. This does not mean that your compliance staff
is incompetent. There are many
regulations that are coming at financial institutions on a regular basis. There have to be sufficient resources to
ensure that the changes in regulations are communicated and necessary
procedures implemented.
In the alternative, perhaps the issue is one of
training. Many institutions use online
training programs. These programs are a
cost effective means to training staff and are widely accepted by
regulators. There are however, times
when the on-line training may not be sufficient. In many cases, the opportunity to receive in
person training that details the history and goals of a regulation is the best
most effective way to reduce findings and violations.
The compliance examination of your institution is ultimately
a test of the effectiveness of the compliance management program. The role of the program at its core should
be to identify and to mitigate risks. If
the system that you have developed is not capable of performing this function
effectively, findings are indicative of a much bigger problem.
Step Four – Communicating
It is important to communicate the finding(s) to senior
management and the Board so that they are fully informed. As a best practice, the root cause and the
proposed solution should be communicated simultaneously. Communicating the understanding of the
finding as well as the plan for fixing the problem is an excellent way to
demonstrate to the regulators that you understand the breadth and depth of the
concern. The relationship built on trust
and communication will go a long way where there are severe findings. especially
if the findings are servere.
Step Five - Find out as soon as you can what the
regulatory implications will be
As we noted earlier, there are findings and there are
FINDINGS! In some cases, the finding can
simply be a matter of a small correction.
In other cases, the examiner many find that a pattern and practice of
violations exists. In these cases, the
examiner can recommend enforcement actions up to and including civil money
penalties. For example, it is critical
to find out from the examiners whether or not they will consider a finding a
repeat finding. Repeat findings are an
indication of general weakness in the compliance program and are always
considered grave, no matter the area of the finding. In this way, a minor or technical finding can
become a matter requiring attention or even the basis for a supervisory letter. The regulatory implications of the finding
must also be communicated to senior management.
Suppose you Don’t Agree
We are aware that many financial institutions either don’t
agree or that have misgivings about a finding, but go along to get along. While this practice may seem to make life
easier, it is not actually the most prudent path to take. ASK
for clarification- this is not to be argumentative, but without doing so,
you can lock yourself into an untenable position. In the event that the examiner may be asking
something of the institution that is infeasible (e.g. acquiring a new software
program). This is also why it is
important to understand the source of the finding- if it is an interpretation
or the regulation, there is likely to be a change in the next examination;
different examination teams have different interpretations of the
regulation. Ultimately, a forceful yet
respectful disagreement is a good thing and is respected by the
regulators.
All of the regulators have a system in place to allow for
appeals of decisions in those instances where both parties may agree to
disagree.
Pick Your Battles
Remember that the compliance review is ultimately an
analysis of the compliance management program.
Individual findings do not necessarily indicate a fundamental weakness
of the CMP. Make sure that you keep the
difference between findings and FINDINGS in mind.
**PLEASE JOIN US
THURSDAY MARCH 17, 2016 AT 10AM PST FOR OUR FREE 15 MINUTE REGULATORY BRIEFING
“WHAT TO DO WHEN THE EXAMINERS HAVE A FINDING”
FOR MORE INFOMRATION AND DETAILS GO TO WWW.VCM4YOU.COM
No comments:
Post a Comment