VCM BLOG

Self-Policing- An Excellent Way to Control Your own Destiny,June 26, 2017

 

 

June

 

Note: The following is an update of a blog that we originally posted in November of 2015. In light of recent implementation of the new Uniform Interagency Consumer Compliance rating system, we felt that this blog is once again timely.

Self-Policing- An excellent way to control your own destiny.

So, you are the compliance officer and while doing a routine check on disclosures, you notice a huge error that the Bank has been making for the last year. The beads of sweat form on your forehead as you realize that this mistake may impact several hundred customers.  Real panic sets in as you start to wonder what to do about the regulators. To tell or not to tell, that is indeed the question.

Many of our clients struggle with the question of what to do when your internal processes discover a problem. We have always believed that the best policy is to inform the regulators of the problem.    CFBP Bulletin 2013-06 discusses what it calls “responsible business conduct” and details the grounds for receiving consideration for getting enforcement relief from the CFPB. In this case, “consideration is somewhat vague and it depends on the nature and extent of the violation, but the message is clear. It is far better to self-police and self-report than it is to let the examination team discover a problem.

Why Disclose a Problem if the Regulators Didn’t Discover it?  

It is easy to make the case that financial institutions should “let sleeping dogs lay”. After all, if your internal processes have found the issue, the thing is that you can correct it without the examiners ever knowing, move on and everybody is happy.  Right? In fact, nothing could be further from the truth.  There was a time when the relationship between regulators and the banks they regulate was collegial, but that is most certainly not the case any longer.

Self- Policing

It is not enough that a bank discovers its own problems and addresses them. In the current environment, there is a premium placed on the idea that a bank has compliance and/or audit systems in place that are extensive enough to find problems, determine the root of the problems and make recommendations for change. An attitude that compliance is important must permeate the organization starting from the top. To impress the regulators that an organization is truly engaged in self-policing, there has to be evidence that senior management has taken the issue seriously and has taken steps to address whatever the concern might be. For example, suppose during a compliance review, the compliance team discovers that commercial lenders are not consistently given a proper ECOA notification. This finding is reported to the Compliance Committee along with a recommendation for training for commercial lending staff.  The Compliance Committee accepts the recommendation and tells the Compliance Officer to schedule Reg. B training for commercial lenders. This seems like a reasonable response, right?

This does not rise to the level of self- policing that is discussed in the CFPB memo; a further step is necessary. What is the follow-up from senior management?  Will senior management follow up to make sure that the classes have been attended by all commercial lending staff? Will there be consequences for those who do not attend the classes? The answers to these questions will greatly impact the determination of whether there is self-policing that is effective.  Ultimately, the goal of a Bank should be to show that the effort at self-policing for compliance is robust and taken seriously at all levels of management. The more the regulators trust the self-policing effort, the more the risk profile of bank decreases and the less likely enforcement action will be imposed.

Self-Reporting

While at first blush self-reporting seems a lot like punching oneself in the face, this is not the case at all.   The over-arching idea from the CFPB guidance is that the more the institution is willing to work with the regulatory agency, the more likely it is that there will be consideration for reduced enforcement action. Compliance failures will eventually be discovered and the more they are self-discovered and reported, the more trust the regulators have in the management of the bank in general and the effectiveness of the compliance program in particular.  The key here is to report at the right time. Once the extent of the violation and the cause of it have been determined, the time to report is imminent. While it may seem that the best time to report is when the issue is resolved, this will generally not be the case. In point of fact, the regulators may want to be involved in the correction process. In any event, it is a bad idea to wait too long to report a problem. For example, don’t wait  until discovery of the problem is imminent (e.g. the regulatory examination will start next week!).

When it is time to report a problem to the regulators, it is important to remember that you should give complete information, keeping in mind that you should know the extent and the root cause of the problem. It is also advisable to have a strategy for remediation in place at the time of reporting.

Remediation

What will your bank do to correct the problem? Has there been research to determine the extent of the problem and how many potential customers have been affected?     How did the Bank make sure that whatever the problem is has been stopped and won’t be repeated? What practices, policies and procedures have been changed as a result of the discovery of the problem? These are all questions that the regulators will consider when reviewing efforts at remediation. For instance, if it turns out that the problem has been improperly disclosing transfer taxes, an example of strong mediation would include:

  • A determination if the problem was systemic or with a particular staff member
  •  A “look back” on loan files for the past 12 months
  • Reimbursement of all customers who qualify
  • Documentation of the steps that were taken to verify the problem and the reimbursements
  • Documentation of the changed policies and procedures to ensure that there is a clear understanding of the requirements of the regulation.
  • Disciplinary action (if appropriate for affected employees)

A plan for follow-up to ensure that the problem is not re-occurring

Cooperation

Despite the very best effort at self-reporting and mediation, there may still be an investigation by the regulators. If the regulators start to investigate an area that you have already disclosed, such an instance calls for cooperation not hunkering down. The more the bank is forthcoming with the information about its investigation, the more likely that the regulators will determine that there is nothing more for them to do.

 

The new regulatory ratings systems actually puts a premium on the ability of financial institutions to “self-police”.   We will discuss the ways to get the most benefit from self-reporting in future blogs.

Western Independent Bankers introduces Virtual Compliance Management as a Premier Solution Provider June 7, 2017

SAN FRANCISCO, CA (June 7, 2017) — Western Independent Bankers (WIB), the premier trade association for more than 22,000 members and 140 community banks, announced today that Virtual Compliance Management (VCM) has become a Premier Solution Provider of WIB to offer their compliance services to community banks across the Western states and U.S. Territories. Premier Solution Providers support products and services designed to address the unique challenges of community banks, contribute to the financial strength of the institution, and advance sustainability through education and innovation.

With a platform that includes audit services, data validation, compliance consulting, and an online resource portal, VCM delivers the tools necessary to navigate both internal and regulatory demands with confidence and success.

“The old approach to compliance in today’s competitive environment can actually increase your risk,” said James DeFrantz, Principal at VCM. “Our regulators are consultants, giving VCM a unique perspective which we use to enhance existing compliance programs. Our experience and relationship-based approach are what makes us unique.”

“We’re extremely happy to expand our relationship with WIB and its member banks,” said DeFrantz. “We understand the disproportionate and increasing cost of community bank compliance in relation to their bigger bank brethren. We can control compliance costs without increasing risk to help level the playing field. Compliance can actually be a competitive advantage, even opening up new revenue streams and increasing noninterest income.

“If there is artistry in technology and confidence in service, then it’s compliance and risk where banks bear the steadfast promise of diligence,” said Michael Delucchi, President and CEO of Western Independent Bankers. “What the team at VCM delivers to our membership is a comprehensive approach to regulatory expectation that is grounded in practical experience and industry insight. With a methodology that includes direct consulting, speaking at WIB conferences, and engaging in our web-based education series, the relationship between WIB and VCM creates an extraordinary opportunity for member banks to explore compliance management solutions that are tailored to the particular needs of each organization.”


About Western Independent Bankers and WIB Service Corporation

For eighty years Western Independent Bankers (WIB) has been the premier networking and educational organization for community banks in the West. WIB informs, educates, and connects community banks with the resources and services to achieve the highest standards of personal and organizational performance. WIB Service Corporation was established in 1994 by the WIB Board of Directors as a wholly owned subsidiary of WIB. WIB Service Corporation conducts a strenuous selection process before putting the stamp of approval on an elite group of products and services that meet the highest industry standards and help WIB member banks to reduce costs, operate more efficiently, and compete more effectively. For more information, visit www.wib.org.

About Virtual Compliance Management

Virtual Compliance Management is a collective of former regulators, compliance officers, internal auditors, and trainers. The consulting firm provides flexible resources for financial institutions, including updating bank policies and procedures, training classes, audits, bank exam preparation, quality control reviews, fintech compliance consulting, and audit remediation. For more information, visit www.vcm4you.com

Contacts

Betty House
Senior Vice President Strategic Alliances/CTO
415.352.3222
betty@wib.org
Your Partner in Balancing Compliance