Having a Conversation About Compliance
One of the constants in the world of compliance is
change. One of the other constants in compliance has been
skepticism about consumer laws in general, and the need for compliance
specifically. It is often easy to feel the recalcitrance of the senior
management at financial institutions to the very idea of compliance. Even
institutions with good compliance records often tend to do only that which is
required by the regulation. In many cases, they do the minimum for
the sole purpose of staying in compliance and not necessarily because they
agree with the spirit of compliance. Indeed, skepticism about the need
for consumer regulations as well as the effectiveness of the regulations are
conversations that can be heard at many an institution.
The combination of changes in the consumer regulations,
changes at regulatory agencies and changes in the focus of these agencies
presents both a challenge and an opportunity for compliance staff
everywhere. It is time to have “the talk” with senior management. What
should be the point of the talk? Enhancements in compliance can help your
bank receive higher compliance ratings while improving the overall relationship
with your primary regulator.
The Compliance Conversation
While there are many ways to try to frame the case for why
compliance should be a primary concern at a financial institution, there are
several points that may help to convince a skeptic.
1) Compliance
regulations have been earned by the financial industry.
A quick review of the history of the most well-known consumer regulations will
show that each of these laws was enacted to address bad behaviors of financial
institutions. The Equal Credit Opportunity Act was passed to help open up
credit markets to women and minorities who were being shut out of the credit
market. The Fair lending laws, HMDA and the Community Reinvestment Act
were passed to assist in the task of the ECOA. In all of these cases, the
impetus for the legislation was complaints from the public about the behavior
of banks. The fact is that these regulations are there to prevent financial
institutions from hurting the public.
2) Compliance will not
go away! Even though there have been changes to the primary
regulations, there has been no credible movement to do away with
them. Banking is such an important part of our economy that it will always
receive a great deal of attention from the public and therefore legislative
bodies. In point of fact, the trend for all of the compliance regulations
is that they continue to expand. The need for a compliance program is as
basic to banking as the need for deposit insurance. Since compliance is
and will be, a fact of banking life, the prudent course is to embrace
it.
3) Compliance may not
be a profit center, but a good compliance program cuts way down on the
opportunity costs of regulatory enforcement actions. Many financial
institutions tend to be reactive when it comes to compliance. We
understand; there is cost benefit analysis that is done and often, the decision
is made to “take our chances” and get by with a minimal amount of resources
spent on compliance. However, more often than not the cost benefit
analysis does not take into account the cost of “getting caught”.
Findings from compliance examinations that require “look backs” into past
transactions and reimbursement to customers who were harmed by a particular
practice is an extremely expensive experience. The costs for such actions
include costs of staff time (or temporary staff), reputational costs and the
costs associated with correcting the offending practice. A strong compliance
management system will help prevent these costs from being incurred and protect
the institution’s reputation; which at the end of the day is its most important
asset.
4) Compliance is
directly impacted by the strategic plan. Far too often,
compliance is not considered as institutions put together their plans for
growth and profitability. Plans for new marketing campaigns or new
products being offered go through the approval process without the input of the
compliance team. Unfortunately, without this consideration, additional
risk is added without being aware of how the additional risk can be
mitigated. When compliance is considered in the strategic
plan, the proper level of resources can be dedicated to all levels of
management and internal controls.
5) There is nothing
about being in compliance that will get in the way of the financial
institution making money and being successful. Many times the
compliance officer gets portrayed as the person who keeps saying no; No!” to
new products, “No!” to new marketing, and “No!” to being profitable.
But the truth is that this characterization is both unfair and untrue.
The compliance staff at your institution wants it to make all the money that it
possibly can while staying in compliance with the
laws that apply. The compliance team is not the enemy. In fact, the
compliance team is there to solve problems.
Getting the Conversation to Address
the Future.
Today there are changes in the expectations that regulators
have about responding to examination findings and the overall maintenance of
the compliance management program. There are three fronts that may
seem unrelated at first, but when out together make powerful arguments about
how compliance can become a key component in your relationship with the
regulators.
First, the prudential regulators have made it clear that
they intend the review of the compliance management program
to directly impact the overall “M” rating within the CAMEL
ratings. The thought behind evaluating the compliance management
program as part of the management rating is that it is the responsibility of
management to maintain and operate a strong compliance program. The
failure to do so is a direct reflection of management’s abilities.
Compliance is now a regulatory foundation issue.
Second, now more than ever, regulators are looking to banks
to risk assess their own compliance and when problems are noted, to come
forward with the information. The CFPB for example, published guidance in
2013 (Bulletin 2013-06) that directly challenged banks to be corporate citizens
by self-policing and self-reporting. It is clear that doing so will
enhance both the reputation and the relationship with regulators. The
idea here is that by showing that you take compliance seriously and are willing
to self-police, the need for regulatory oversight can be reduced.
Finally, the regulators have reiterated their desire to see
financial institutions address the root causes of findings in
examinations. There have been recent attempts by the Federal
Reserve and the CFPB to make distinctions between recommendations and
findings. The reason for these clarifications is so that institutions can
more fully address the highest areas of concern. By “addressing”, the
regulators are emphasizing that they mean dealing with the heart of the reason
that the finding occurred. For example, in a case where a bank was
improperly getting flood insurance, the response cannot simply be to tell the
loan staff to knock it off! In addition to correcting mistakes, there is
either a training issue of perhaps staff are improperly assigned. What is
the reason for the improper responses? That is what the regulators want
addressed.
The opportunity exists to enhance your relationship with
your regulators through your compliance department. By elevating the
level of importance of compliance and using your compliance program as a means
of communicating with your regulators, the compliance conversation can enhance
the overall relationship between your institution and your regulator.
No comments:
Post a Comment