One of the constants in the world of compliance is change. This has been especially true in the last few years, as not only have new regulations been issued; there is now an entirely different agency that regulates banks. Right now, most are unsure just how the Consumer Financial Protection Bureau (“CFPB”) will affect the banks it does not primarily regulate. However, it is a good bet that much of what is done by the CFPB will also be implemented in one form or another by the other prudential regulators.
One of the other constants in compliance has been skepticism
about consumer laws in general, and the need for compliance specifically.
It is often easy to feel the recalcitrance of the senior management at
financial institutions to the very idea of compliance. Even institutions
with good compliance records often tend to do only that which
is required by the regulation. In
many cases, they do the minimum for the sole purpose of staying in compliance
and not necessarily because they agree with the spirit of compliance.
Indeed, skepticism about the need for consumer regulations as well as the
effectiveness of the regulations are conversations that can be heard at many an
institution.
The combination of changes in the consumer regulations,
changes at regulatory agencies and changes in the focus of these agencies
presents both a challenge and an opportunity for compliance staff
everywhere. It is time to have “the talk” with senior management. What
should be the point of the talk? Enhancements in compliance can help your
bank receive higher compliance ratings while improving the overall relationship
with your primary regulator.
The Compliance
Conversation
While there are many ways to try to frame the case for why
compliance should be a primary concern at a bank, there are several points that
may help to convince a skeptic.
1) Compliance regulations
have been earned by the financial
industry. A quick review of the history of the most well-known
consumer regulations will show that each of these laws was enacted to address
bad behaviors of financial institutions. The Equal Credit Opportunity Act
was passed to help open up credit markets to women and minorities who were
being shut out of the credit market. The Fair lending laws, HMDA and the
Community Reinvestment Act were passed to assist in the task of the
ECOA. In all of these cases, the impetus for the legislation was
complaints from the public about the behavior of banks. The fact is that
these regulations are there to prevent financial institutions from hurting the
public.
2) Compliance will not go
away! Even though there have been changes to the primary regulations,
there has been no credible movement to do away with them. Banking is such
an important part of our economy that it will always receive a great deal of
attention from the public and therefore legislative bodies. In point of
fact, the trend for all of the compliance regulations is that they continue to
expand. The need for a compliance program is as basic to banking as the
need for deposit insurance. Since compliance is and will be, a fact of
banking life, the prudent course is to embrace it.
3) Compliance may not be a
profit center, but a good compliance program cuts way down on the opportunity
costs of regulatory enforcement actions. Many financial institutions
tend to be reactive when it comes to compliance. We understand; there is
cost benefit analysis that is done and often, the decision is made to “take our
chances” and get by with a minimal amount of resources spent on
compliance. However, more often than not the cost benefit analysis
does not take into account the cost of “getting caught”. Findings from
compliance examinations that require “look backs” into past transactions and
reimbursement to customers who were harmed by a particular practice is an
extremely expensive experience. The costs for such actions include costs
of staff time (or temporary staff), reputational costs and the costs associated
with correcting the offending practice. A strong compliance management
system will help prevent these costs from being incurred and protect the
institution’s reputation; which at the end of the day is its most important
asset.
4) Compliance is directly
impacted by the strategic plan. Far
too often, compliance is not considered as institutions put together their
plans for growth and profitability. Plans for new marketing
campaigns or new products being offered go through the approval process without
the input of the compliance team. Unfortunately, without this
consideration, additional risk is added without being aware of how the
additional risk can be mitigated. When compliance is
considered in the strategic plan, the proper level of resources can be
dedicated to all levels of management and internal controls.
5) There is nothing about
being in compliance that will get in
the way of the bank making money and being successful. Many times the
compliance officer gets portrayed as the person who keeps saying no; No!” to
new products, “No!” to new marketing, and “No!” to being
profitable. But the truth is that this characterization is both unfair
and untrue. The compliance staff at your institution wants it to make all
the money that it possibly can while staying in compliance with the laws that apply. The compliance team is not the
enemy. In fact, the compliance team is there to solve
problems.
Getting the
Conversation to Address the Future.
Today there are changes in the expectations that regulators
have about responding to examination findings and the overall maintenance of
the compliance management program. There are three fronts that may
seem unrelated at first, but when out together make powerful arguments about
how compliance can become a key component in your relationship with the
regulators.
First, the prudential regulators have made it clear that
they intend the review of the compliance management program
to directly impact the overall “M” rating within the CAMEL
ratings. The thought behind evaluating the compliance management
program as part of the management rating is that it is the responsibility of
management to maintain and operate a strong compliance program. The
failure to do so is a direct reflection of management’s abilities.
Compliance is now a regulatory foundation issue.
Second, now more than ever, regulators are looking to banks
to risk assess their own compliance and when problems are noted, to come
forward with the information. The CFPB for example, published guidance in
2013 (Bulletin 2013-06) that directly challenged banks to be corporate citizens
by self-policing and self-reporting. It is clear that doing so will
enhance both the reputation and the relationship with regulators. The
idea here is that by showing that you take compliance seriously and are willing
to self-police, the need for regulatory oversight can be reduced.
Finally, the regulators have reiterated their desire to see
financial institutions address the root causes of findings in
examinations. There have been recent attempts by the Federal
Reserve and the CFPB to make distinctions between recommendations and findings.
The reason for these clarifications is so that institutions can more fully
address the highest areas of concern. By “addressing”, the regulators are
emphasizing that they mean dealing with the heart of the reason that the
finding occurred. For example, in a case where a bank was improperly
getting flood insurance, the response cannot simply be to tell the loan staff
to knock it off! In addition to correcting mistakes, there is either a
training issue of perhaps staff are improperly assigned. What is the
reason for the improper responses? That is what the regulators want
addressed.
The opportunity
exists to enhance your relationship with your regulators through your
compliance department. By elevating the level of importance of compliance
and using your compliance program as a means of communicating with your
regulators, the compliance conversation can enhance the overall relationship
between your institution and your regulator.
No comments:
Post a Comment